naturally rehearsing passwords jeremiah blocki nsf trust october 2013 manuel blum anupam datta
TRANSCRIPT
![Page 1: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/1.jpg)
Naturally Rehearsing Passwords
Jeremiah BlockiNSF TRUST
October 2013
Manuel Blum Anupam Datta
![Page 2: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/2.jpg)
2
Password Management
Competing Goals:Securit
y
Usabilit
y…
![Page 3: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/3.jpg)
3
A Challenging Problem
• Traditional Security Advice
Not too short
Use mix of lower/upper case letters
Change your passwords every 90 days
Use numbers and letters
Don’t use words/names
Use special symbols
Don’t Write it Down
Don’t Reuse Passwords
![Page 4: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/4.jpg)
4
Experiment #0
• Memorize the following string
L~;z&K5De
![Page 5: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/5.jpg)
5
Memory Experiment 1Person Alan Turing
Action Kissing
Object Piranha
![Page 6: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/6.jpg)
Memory Experiment 2Person Bill GatesAction swallowing
Object bike
![Page 7: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/7.jpg)
7
Outline
• Introduction and Experiments
• Example Password Management Schemes
• Quantifying Usability
• Quantifying Security
• Our Password Management Scheme
![Page 8: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/8.jpg)
8
Password Management
Competing Goals:Securit
y
Usabilit
y…
![Page 9: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/9.jpg)
Scheme 1: Reuse Strong Password
• Pick four random words w1,w2,w3,w4
Account Amazon Ebay
Password w1w2w3w4 w1w2w3w4
![Page 10: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/10.jpg)
Scheme 2: Strong Random Independent
Four Independent Random Words per Account
Account Amazon Ebay
Password w1w2w3w4 x1x2x3x4
![Page 11: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/11.jpg)
Questions
• How can we evaluate password management strategies?– Quantify Usability– Quantify Security
• Can we design password management schemes which balance security and usability considerations?
![Page 12: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/12.jpg)
14
Outline• Introduction and Experiments
• Example Password Management Schemes
• Quantifying Usability– Human Memory– Rehearsal Requirement– Visitation Schedule
• Quantifying Security
• Our Password Management Scheme
![Page 13: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/13.jpg)
15
Human Memory is Semantic
• Memorize: nbccbsabc
• Memorize: tkqizrlwp
• 3 Chunks vs. 9 Chunks!
• Usability Goal: Minimize Number of Chunks
Source: The magical number seven, plus or minus two [Miller, 56]
![Page 14: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/14.jpg)
16
Human Memory is Associative
?
![Page 15: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/15.jpg)
17
Cues
• Cue: context when a memory is stored
• Surrounding Environment– Sounds– Visual Surroundings– Web Site– ….
• As time passes we forget some of this context…
![Page 16: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/16.jpg)
Human Memory is Lossy
• Rehearse or Forget!– How much work?
• Quantify Usability– Rehearsal Assumption
pamazon
pgoogle
????
18
![Page 17: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/17.jpg)
Quantifying Usability
• Human Memory is Lossy– Rehearse or Forget!– How much work does this take?
• Rehearsal Assumptions
• Visitation Schedule– Natural Rehearsal for frequently visited accounts
![Page 18: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/18.jpg)
Rehearsal Requirement
Expanding Rehearsal Assumption: user maintains cue-association pair by rehearsing during each interval [si, si+1].
Day: 1 2 4 5 8
Visit Amazon: Natural Rehearsal
Xt: extra rehearsals to maintain all passwords for t days.
20
![Page 19: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/19.jpg)
Rehearsal Requirement
Day: 1 2 4 5 8
Xt: extra rehearsals to maintain all passwords for t days.
Reuse Password
Independent Passwords
X8 0 2
![Page 20: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/20.jpg)
Poisson Process with parameter 𝞴
Cue shared by Amazon and Google+ 𝞴
Visitation Schedule
22
t1 t2 t2
![Page 21: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/21.jpg)
Visitation Schedule
User =1 (daily)
=1/3 (biweekly)
=1/7(weekly)
=1/31 (monthly)
=1/365 (annual)
Active 10 10 10 10 35Typical 5 10 10 10 40Occasional 2 10 20 20 23Infrequent 0 2 5 10 58
Number of accounts visited with frequency
Day: 2 4 5 8
Poisson Process with parameter Amazon Google
![Page 22: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/22.jpg)
24
Usability ResultsReuseStrong + Lifehacker
Strong Random Independent
Active 0.023 420Typical 0.084 456.6Occasional 0.12 502.7Infrequent 1.2 564
E[X365]: Extra Rehearsals to maintain all passwords over the first year.
Usable Unusable
![Page 23: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/23.jpg)
25
Valuable Resources Protected by Passwords
![Page 24: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/24.jpg)
26
Outline• Introduction and Experiments
• Example Password Management Schemes
• Quantifying Usability
• Quantifying Security– Background– Failed Ideas– Our Approach: Security as a Game
• Our Password Management Scheme
![Page 25: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/25.jpg)
27
Security (what could go wrong?)
Online Offline Phishing
Danger
Three Types of Attacks
![Page 26: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/26.jpg)
28
Online Attack
password
123456
123456
Guess Limit: k-strikes policy
![Page 27: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/27.jpg)
29
Offline Dictionary Attack
Username
jblocki
+
jblocki, 123456
SHA1(12345689d978034a3f6)=85e23cfe0021f584e3db87aa72630a9a2345c062
Hash
85e23cfe0021f584e3db87aa72630a9a2345c062
Salt
89d978034a3f6
![Page 28: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/28.jpg)
30
Plaintext Recovery Attack
PayPaul.compwd
pwd
![Page 29: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/29.jpg)
31
Snowball Effect
Source: CERT Incident Note IN-98.03: Password Cracking Activity
PayPaul.com+
pwd
pwd
![Page 30: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/30.jpg)
35
Our Security Approach
• Dangerous World Assumption– Not enough to defend against existing adversaries– Adversary can adapt after learning the user’s new
password management strategy
• Provide guarantees even when things go wrong– Offline attacks should fail with high probability– Limit damage of a successful phishing attack
![Page 31: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/31.jpg)
+
Security as a Game
PayPaul.com
q$1,000,000 guesses
p5
Sha1(p4)p5
p4
p3
p2
p1
![Page 32: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/32.jpg)
37
The Adversary’s Game
• Adversary can compromise at most r sites (phishing).
• Adversary can execute offline attacks against at most h additional sites – Resource Constraints => at most q guesses
• Adversary wins if he can compromise any new sites.
pwd
Sha1(pwd)
![Page 33: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/33.jpg)
38
(q,,m,s,r,h)-Security
For any adversary Adv
r = # h = #
Offline Attack AccountsPhishing Attack Accounts
q = # offline guesses
m = # of accounts
s = # online guesses
![Page 34: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/34.jpg)
39
Example: (q,,m,3,1,1)-Security
PayPaul.com
+q guessesr=1
h=1
![Page 35: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/35.jpg)
Security Results
(q$1,000,000,,m,3,r,h)-security
Attacks r= 1 r= 1 h=1
r=2
Reuse No No No No
Strong Random Independent
Yes Yes Yes YesUsable + Insecure
Unusable + Secure
![Page 36: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/36.jpg)
41
Outline
• Introduction and Experiments
• Example Password Management Schemes
• Quantifying Usability
• Quantifying Security
• Our Password Management Scheme
![Page 37: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/37.jpg)
Our Approach
Object: bike
Public Cue Private
Action: kicking
Object: penguin
![Page 38: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/38.jpg)
LoginPw
d
Kic+Pen + Tor + Lio + ...
…
![Page 39: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/39.jpg)
LoginPw
d
Kic+Pen + ….
…
![Page 40: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/40.jpg)
Sharing Cues
• Usability Advantages– Fewer stories to remember!– More Natural Rehearsals!
• Security?
Day: 1 2 4 5 8
49
![Page 41: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/41.jpg)
(n,l,)-Sharing Set Family
Definition: A (n,l,)-Sharing Set Family of size m is a family of sets {S1,…,Sm} with the following properties
n𝜸
n
𝑺𝒊
𝑺 𝒋
𝒍𝒍
![Page 42: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/42.jpg)
(n,l,)-Sharing Set Family
m – number of passwords {S1,…,Sm}.
n – total #PAO storiesl – #PAO stories for each site– max intersection – PAO stories for account i.
n𝜸
n
𝒍𝑺𝒊
𝑺 𝒋
𝒍
![Page 43: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/43.jpg)
Security Results
(q$1,000,000,,m,3,r,h)-security
Attacks r= 1 r= 1 h=1
r=2
(n,4,4)-Sharing[Reuse]
No No No No
(n,4,0)-Sharing[Independent]
Yes Yes Yes Yes
(n,4,1)-Sharing[SC-1]
Yes Yes Yes No
(n,4,3)-Sharing[SC-0]
Yes No Yes No
![Page 44: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/44.jpg)
53
Sharing Cues
Thm: There is a (43,4,1)-Sharing Set Family of size m=90, and a (9,4,3)-Sharing Set Family of size 126
• Proof? – Chinese Remainder Theorem!– Notice that 43 = 9+10+11+13 where 9, 10, 11, 13 are
pair wise coprime.– Ai uses cues: {i mod 9, i mod 10, i mod 11, i mod 13}
![Page 45: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/45.jpg)
Chinese Remainder Theorem
By the Chinese Remainder Theorem there is a unique number x s.t
1) 2) 3)
Hence, for accounts Ai and Aj cannot use the same red cue and blue cue.
![Page 46: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/46.jpg)
Example (Account #80)Red Set (9 Cues) Blue Set (10 Cues) Green Set (11 Cues) Purple Set (13 Cues)
Cue 0 Cue 0 Cue 0 Cue 0
Cue 1 Cue 1 Cue 1 Cue 1
Cue 2 Cue 2 Cue 2 Cue 2Cue 3 Cue 3 Cue 3 Cue 3
Cue 4 Cue 4 Cue 4 Cue 4
Cue 5 Cue 5 Cue 5 Cue 5
Cue 6 Cue 6 Cue 6 Cue 6
Cue 7 Cue 7 Cue 7 Cue 7
Cue 8 Cue 8 Cue 8 Cue 8
Cue 9 Cue 9 Cue 9
Cue 10 Cue 10
Cue 11
Cue 12
![Page 47: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/47.jpg)
Example (Account #80)
Cue 8 Cue 0 Cue 3 Cue 2Password 80 Secret 8 Secret 0 Secret 3 Secret 2
Public Cue for Account 80
![Page 48: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/48.jpg)
57
Usability ResultsReuse Strong Random
IndependentSC-1 SC-0
Active 0 420 3.93 0Typical 0 456.6 10.89 0Occasional 0 502.7 22.07 0Infrequent 1.2 564 119.77 2.44
E[X365]: Extra Rehearsals to maintain all passwords over the first year.
![Page 49: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/49.jpg)
Security Results
(q$1,000,000,,m,3,r,h)-security
Attacks r= 1 r= 1 h=1
r=2
(n,4,4)-Sharing[Reuse]
No No No No
(n,4,0)-Sharing[Independent]
Yes Yes Yes Yes
(n,4,1)-Sharing[SC-1]
Yes Yes Yes No
(n,4,3)-Sharing[SC-0]
Yes No Yes No
Usable + Insecure
Unusable + Secure
Usable + Secure
Usable + Secure
![Page 50: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/50.jpg)
59
Experiment #0
• Can anybody remember the 10 character password?
L~;z&K5De
![Page 51: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/51.jpg)
60
Memory Experiment 1
![Page 52: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/52.jpg)
Memory Experiment 2
![Page 54: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/54.jpg)
Backup Slides
![Page 55: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/55.jpg)
User Study
• Validity of Expanding Rehearsal Assumption
• Mnemonic Devices and Rehearsal Schedules
• Collaborate with CyLab Usable Privacy and Security group (CUPS)
![Page 56: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/56.jpg)
User Study Protocol
• Memorization Phase (5 minutes):– Participants asked to memorize four randomly selected
person-action object stories.
• Rehearsal Phase (90 days):– Participants periodically asked to return and rehearse
their stories (following rehearsal schedule)
![Page 57: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/57.jpg)
Password Managers?
![Page 58: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/58.jpg)
Limited Protection
![Page 59: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/59.jpg)
Limited Protection
![Page 60: Naturally Rehearsing Passwords Jeremiah Blocki NSF TRUST October 2013 Manuel Blum Anupam Datta](https://reader036.vdocument.in/reader036/viewer/2022062314/56649d215503460f949f6e24/html5/thumbnails/60.jpg)