Passwords are still the first line of defense in many computer systems, hence they have a critical place among the security vulnerabilities that involve human aspects. In this talk, I will present a scheme that reconciles the apparent contradictory requirements from most password policies: That the password should be random, and that they should be memorized and never written down. The scheme is applicable to any existing text-based password authentication mechanism and requires neither any modification to the infrastructure, nor any out of band computing device at hand (not even a calculator). I will also describe a new authentication mechanism that provides mutual authentication between the user and the system even in "input constrained environments", e.g. users with motor disabilities, small electronic devices, or non-private environments.

This talk is intended for a general audience, computer scientists and anyone working in Information Security and Natural Language Processing.


SPEAKER BIO:
Umut Topkara is a post-doctoral researcher at the Polytechnic Institute of NYU. His research interests lie at the confluence of Information Security, Natural Language Processing and Computer-Human Interaction, specifically their intersection in the field of Usable Security. He has received his PhD from the Computer Science Department of Purdue University in 2007. More recently, he has been post-doctoral researcher at Carnegie Mellon University and worked on machine learning solutions to phishing. He got his B.Sc. and M.Sc. degrees from Computer Engineering Department of Bilkent University in Turkey. More information about Dr. Topkara's research is available at http://umut.topkara.org