Advertisement

Consonant-Vowel-Consonants for Error-Free Code Entry

  • Nikola K. BlanchardEmail author
  • Leila Gabasova
  • Ted Selker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11594)

Abstract

Codes and passwords are the bane of user experiences: even small mistakes can delay desired activities, causing undue frustration. Work on codes has focused on security instead of people’s ability to enter them error-free. Difficulties observed in a security demonstration motivated this investigation of code transcription difficulty. A pilot study with 33 subjects and a follow-up study with 267 subjects from 24 countries measured performance and preference for codes of varying lengths, patterns, and character sets.

We found that, for users of all languages, long codes with alternating consonant - vowel patterns were more accurately transcribed and are preferred over shorter numeric or alphabetic codes. Mixed-case and alphanumeric character sets both increased transcription errors.

The proposed CVC6 code design composed of six Consonant-Vowel-Consonant trigrams is faster to enter, more secure, preferred by users, and more impervious to user error when compared to codes typically used for security purposes. An extension integrates error detection and correction, essentially eliminating typos.

Keywords

Usable-security Error correcting codes Authentication User study 

References

  1. 1.
    Acquisti, A., et al.: Nudges for privacy and security: understanding and assisting users choices online. ACM Comput. Surv. 50(3), 1–41 (2017)CrossRefGoogle Scholar
  2. 2.
    Adsett, C.R., Marchand, Y.: Syllabic complexity: a computational evaluation of nine European languages. J. Quant. Linguist. 17(4), 269–290 (2010).  https://doi.org/10.1080/09296174.2010.512161CrossRefGoogle Scholar
  3. 3.
    Bellezza, F.S.: Mnemonic devices and memory schemas. In: McDaniel, M.A., Pressley, M. (eds.) Imagery and Related Mnemonic Processes, pp. 34–55. Springer, New York (1987).  https://doi.org/10.1007/978-1-4612-4676-3_2CrossRefGoogle Scholar
  4. 4.
    Bernard, M., Liao, C.H., Mills, M.: The effects of font type and size on the legibility and reading time of online text by older adults. In: CHI 2001 Extended Abstracts on Human Factors in Computing Systems, CHI EA 2001, pp. 175–176. ACM, New York (2001). http://doi.acm.org/10.1145/634067.634173
  5. 5.
    Blanchard, N.K.: Building trust for sample voting. International Journal of Decision Support System Technology (2018)Google Scholar
  6. 6.
    Borleffs, E., Maassen, B.A.M., Lyytinen, H., Zwarts, F.: Measuring orthographic transparency and morphological-syllabic complexity in alphabetic orthographies: a narrative review. Read. Writ. 30(8), 1617–1638 (2017).  https://doi.org/10.1007/s11145-017-9741-5CrossRefGoogle Scholar
  7. 7.
    Brostoff, S., Sasse, M.A.: Are passfaces more usable than passwords? a field trial investigation. In: McDonald, S., Waern, Y., Cockton, G. (eds.) People and Computers XIV – Usability or Else!, pp. 405–424. Springer, London (2000).  https://doi.org/10.1007/978-1-4471-0515-2_27CrossRefGoogle Scholar
  8. 8.
    Burr, W.E., et al.: Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology - Special Publication 800–63-1. CreateSpace Independent Publishing Platform, USA, U.S. Department of Commerce and National Institute of Standards and Technology (2012)Google Scholar
  9. 9.
    Cao, K., Jain, A.K.: Hacking mobile phones using 2D printed fingerprints. Technical report, Michigan State University (2016)Google Scholar
  10. 10.
    Cranor, L.F.: Time to rethink mandatory password changes (2016). https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes
  11. 11.
    Garfinkel, S., Lipford, H.R.: Usable Security: History, Themes, and Challenges. Synthesis Lectures on Information Security, Privacy, and Trust. Morgan & Claypool Publishers, San Rafael (2014). https://books.google.fr/books?id=HPS9BAAAQBAJGoogle Scholar
  12. 12.
    Grissinger, M.: Avoiding confusion with alphanumeric characters. Pharm. Ther. 37(12), 663–665 (2012)Google Scholar
  13. 13.
    Hausawi, Y.M., Allen, W.H.: An assessment framework for usable-security based on decision science. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 33–44. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-07620-1_4CrossRefGoogle Scholar
  14. 14.
    Huh, J.H., Kim, H., Bobba, R.B., Bashir, M.N., Beznosov, K.: On the memorability of system-generated pins: Can chunking help? In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 197–209. USENIX Association, Ottawa (2015)Google Scholar
  15. 15.
    Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. Commun. ACM 47(4), 75–78 (2004).  https://doi.org/10.1145/975817.975820CrossRefGoogle Scholar
  16. 16.
    Keren, G., Baggen, S.: Recognition models of alphanumeric characters. Percept. Psychophys. 29(3), 234–246 (1981)CrossRefGoogle Scholar
  17. 17.
    de Leeuw, K.M.M., Bergstra, J.: The History of Information Security: A Comprehensive Handbook. Elsevier Science, Amsterdam (2007). https://books.google.fr/books?id=pQBrsonDp6cCGoogle Scholar
  18. 18.
    McCabe, J.A.: Learning and memory strategy demonstrations for the psychology classroom (2014). http://goblues.org/faculty/professionaldevelopment/files/2012/01/McCabe-2014-Learning-Memory-Demos1.pdf
  19. 19.
    Norman, D.A., Fisher, D.: Why alphabetic keyboards are not easy to use: keyboard layout doesn’t much matter. Hum. Factors 24(5), 509–519 (1982).  https://doi.org/10.1177/001872088202400502CrossRefGoogle Scholar
  20. 20.
    Pilar, D.R., Jaeger, A., Gomes, C.F.A., Stein, L.M.: Passwords usage and human memory limitations: a survey across age and educational background. PLoS One 7(12), (2012). http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3515440/. pONE-D-12-21406[PII]CrossRefGoogle Scholar
  21. 21.
    Reddy, P.V., Kumar, A., Rahman, S., Mundra, T.S.: A new antispoofing approach for biometric devices. IEEE Trans. Biomed. Circuits Syst. 2(4), 328–37 (2008)CrossRefGoogle Scholar
  22. 22.
    Ruiz-Albacete, V., Tome-Gonzalez, P., Alonso-Fernandez, F., Galbally, J., Fierrez, J., Ortega-Garcia, J.: Direct attacks using fake images in iris verification. In: Schouten, B., Juul, N.C., Drygajlo, A., Tistarelli, M. (eds.) BioID 2008. LNCS, vol. 5372, pp. 181–190. Springer, Heidelberg (2008).  https://doi.org/10.1007/978-3-540-89991-4_19CrossRefGoogle Scholar
  23. 23.
    Schiller, N.O.: Masked priming of sublexical units segments vs syllables. In: Steiner, F. (ed.) Advances in Phonetics : Proceedings of the International Phonetic Sciences Conference (IPS) (1999)Google Scholar
  24. 24.
    Shay, R., et al.: Correct horse battery staple: exploring the usability of system-assigned passphrases. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 7. ACM (2012)Google Scholar
  25. 25.
    Shay, R., et al.: Designing password policies for strength and usability. ACM Trans. Inf. Syst. Secur. 18(4), 1–34 (2016).  https://doi.org/10.1145/2891411CrossRefGoogle Scholar
  26. 26.
    Shay, R., et al.: Encountering stronger password requirements: user attitudes and behaviors. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS 2010, pp. 1–20. ACM, New York (2010). http://doi.acm.org/10.1145/1837110.1837113
  27. 27.
    Smith, D.F., Wiliem, A., Lovell, B.C.: Face recognition on consumer devices: reflections on replay attacks. IEEE Trans. Inf. Forensics Secur. 10, 736–745 (2015)CrossRefGoogle Scholar
  28. 28.
    Stenton, A.: The contribution of the computer to improving L2 oral production. an examination of the applied and theoretical research behind the swans authoring programme. Etudes en Didactique des Langues (19) (2012)Google Scholar
  29. 29.
    Ur, B., et al.: Design and evaluation of a data-driven password meter. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, CHI 2017, pp. 3775–3786. ACM, New York (2017)Google Scholar
  30. 30.
    Ur, B., Bees, J., Segreti, S.M., Bauer, L., Christin, N., Cranor, L.F.: Do users’ perceptions of password security match reality? In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, CHI 2016, pp. 3748–3760. ACM, New York (2016)Google Scholar
  31. 31.
    Whitman, M.E., Mattord, H.J.: Principles of Information Security, 4th edn. Course Technology Press, Boston (2011)Google Scholar
  32. 32.
    Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 25–31 (2004).  https://doi.org/10.1109/MSP.2004.81CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Nikola K. Blanchard
    • 1
    Email author
  • Leila Gabasova
    • 2
  • Ted Selker
    • 3
  1. 1.Institut de Recherche en Informatique Fondamentale, Université Paris DiderotParisFrance
  2. 2.Institut de Planétologie et d’Astrophysique de GrenobleSaint-Martin-d’HéresFrance
  3. 3.University of MarylandBaltimore CountyUSA

Personalised recommendations