基于中文句法的口令助记策略

助记策略用于帮助用户生成安全性较高且易于记忆的口令,近年来受到中外学者的广泛关注。现有助记策略多存在安全性低、不便记忆等问题。现提出一种基于中文句法的口令助记策略,用户选择一个易于记忆的句子作助记句,利用预定义规则或基于用户的选择,将其转换为口令,通过对照实验评估了其性能。采用马尔可夫链模型等性能评估工具,将实验中收集的口令与大量真实口令进行对比、分析,评估该助记策略的安全性和易用性。在易用性方面,NASA-TLX量表结果显示,虽然使用助记策略在生成口令阶段的负荷量偏高,但在短期可记忆性和长期可记忆性方面,是否使用助记策略没有明显的差别。此外,在安全性方面,所有口令强度评估结果均表明,该助记策略生成的口令强度远高于真实口令。在将助记句转化为口令的同时,本策略隐藏了个人敏感信息,降低了因个人信息泄露而导致口令泄露的风险,提高了方案的安全性。

Chinese Sentence-based Password Mnemonic Strategy

Mnemonic strategy is used to help users to generate secure and memorable passwords; this topic has attracted extensive interests from worldwide researchers in recent years. Most of the existing mnemonic strategies have some problems such as low security and inconvenient memory. This paper presents a Chinese sentence-based password mnemonic strategy, the user selects a memorable sentence as a mnemonic sentence, and then converts it into a password based on predefined rules or the user''s choice, and we evaluate its performance by a control experiment. To evaluate the security and usability of the mnemonic strategy, we use performance assessment tools such as the Markov chain model, to compare the generated passwords with a large number of real-world passwords. In terms of usability, NASA-TLX shows that although the workloads required in our mnemonic strategy are higher than those from non-strategy in password generation phase, whether to use mnemonic strategies has no significant difference in short-term memory and long-term memory. In addition, in terms of security, all password strength assessment tools show that the passwords generated by our mnemonic strategy are stronger than the real-world passwords. While converting the mnemonic sentence into a password, this strategy hides personal sensitive information, so it reduces the risk of password leakage due to personal information leakage, and improves the security of the strategy.