Ka-Ping Yee and Kragen Sitaker: Passpet
July 13, 2006 by PingPasspet is a Firefox extension that helps you manage your passwords and protects you from phishing. You memorize one master secret, and you click on your Passpet to generate a unique password for each site. The Passpet icon is a randomly chosen animal that differs from user to user. Passpet provides a “site label” field where you enter your own label for a site, so you can reliably identify it when you are at that site again. The site label you enter is used to compute the site-specific password.
Passpet uses cryptographic techniques to make dictionary attacks harder, and stores information (but not your passwords) on a server of your choice so you can regenerate your passwords when using a different computer.
The five ideas contributed by Passpet are:
1. Variable-strength password hashing.
2. Live feedback on password strength (time to crack).
3. Using user-assigned labels for password hashing.
4. Offering functionality via a personalized security agent.
5. Direct interaction with a customized part of the security tool.
Michael wrote:
July 13th, 2006 at 11:09
This study contained a lot of very interesting ideas and I think Passpet itself is rather well designed. I am somewhat concerned that site labels will tend to be predictable in many cases - for instance, most users will probably label http://www.paypal.com with “paypal”; however, it isn’t clear how much of a problem this is since it should still be hard to guess the pet’s name and image. I suspect it may improve security, and possibly user-satisfaction, to let user’s choose the pet’s type and name themselves.
I have been working with realtime feedback on password strength for awhile now and have some intriguing preliminary results. For more information see:
http://www.embracetherandom.com/changePasswordUIStudy/
I am hoping to put together a larger study by recruiting faculty/TAs from various institutions to participate by using the Dropbox-Online.com homework submission system this coming fall. Please contact me if you’re interested in participating!