Improving usability of passphrase authentication

The combination of user-names and passwords has become the predominant method of user authentication in computer systems. Most users have multiple accounts on different systems, which impose different constraints on the length and complexity of passwords that the user is allowed to select. This is done to ensure an appropriate degree of security, but instead, it makes it difficult for users to remember their password, which results in passwords that are either insecure, but easy to remember, or written down on paper. In this paper we address the problem of usability in user authentication. We promote the use of passphrases, which provide better security and are often easier to remember than passwords. Passphrases will be significantly longer than passwords, which makes them more difficult to enter correctly on a keyboard. We solve this problem by proposing a new passphrase validation algorithm, which accepts the most common typing mistakes. The proposed algorithm has been implemented in secure hardware and integrated into a standard Unix system. We present the design, implementation and preliminary evaluation of the developed passphrase authentication prototype.