1 / 21

Bootstrapping Mobile PINs Using Passwords

Bootstrapping Mobile PINs Using Passwords. Markus Jakobsson Debin Liu Information Risk Management PayPal. A Bit about Authentication. Difficulty customizing settings. Difficulty authenticating. Short battery life. Lack of coverage.

lorin
Download Presentation

Bootstrapping Mobile PINs Using Passwords

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Bootstrapping Mobile PINs Using Passwords Markus Jakobsson Debin Liu Information Risk Management PayPal

  2. A Bit about Authentication Difficulty customizing settings Difficulty authenticating Short battery life Lack of coverage 1 2 3 4 5 Slow Web connection Poor voice quality Small screen size

  3. Commercial Four-Letter Word “Friction”

  4. A Bit About Human Memory Not so amazing

  5. Common PIN Your spouse’s birthday

  6. Love/Hate PINs

  7. What will users see

  8. Example User Mapping “Blu2thRules” “2582”

  9. Opportunistic Derivation Access; Truncate; Map; Store

  10. Special Characters ~1.5% Can be reduced

  11. Special Phones Need numeric pad

  12. Strong password, weak PIN “1234Brew$g”, “1begHELP”

  13. Password change? Dual Universes

  14. Measuring Security Raided Dropboxes

  15. Entropy of Derived PINs

  16. Special Characters

  17. Imagine PIN Theft

  18. Experiment What is Joe’s PIN? Joe uses a PIN to access his PayPal account from his phone. But he does not want to have to remember another number, and he does not want to reuse his banking PIN. So he uses PayPal’s new “password to PIN” feature so that he only has to remember his password. Joe’s password is “Blu2thrules”. Look at the screen-shot below and let us know what PIN he should enter.

  19. Usability of Derived PINs25-subject Qualitative study

  20. Usability of Derived PINs100-subject Quantitative study

  21. Other things I pitch Address web/app spoofing: www.SpoofKiller.com Mobile-friendly passwords: www.fastword.me Mobile malware detection: www.fatskunk.com Etc: www.markus-jakobsson.com

More Related