BSidesLV 2016 has ended
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
Wednesday, August 3 • 15:00 - 15:50
Passphrases for Humans: A Cultural Approach to Passphrase Wordlist Generation

Sign up or log in to save this to your schedule and see who's attending!

The idea of using passphrases for storing stronger secrets has been around since at least 1982, yet little work has been done to improve the usability of this method. Diceware, the de facto method and passphrase wordlist, contains wonderfully easy to remember words such as “aeneid”, “zh”, and “$$” (Let’s not get started on “h”, “hh”, “hhh” and “hhhh”). Moreover, extended language support for Diceware is often based on translations of the original wordlist, which contains numerous Americanisms such as “howdy”, “hubbub”, and “Boise”.

In this talk, we will discuss the problems facing passphrases in the present, and propose alternative approaches to passphrase wordlist generation. We will discuss our our own method for creating localized wordlists and how this method is being tested using Peerio as a real-world test site and analyzed by our academic partners. Specifically, we argue that accounting for cultural and social variables in language usage can provide stronger, more memorable, and in some cases shorter passphrases than existing models. Finally, we would like to open the discussion to assess possible faults with this method, identify potential improvements, and consider other ways in which we as a community can collaboratively improve the overall user experience of passphrases.

avatar for Florencia Herra-Vega

Florencia Herra-Vega

CTO, Peerio
I’m a backend developer who enjoys explaining complex systems to anyone who will listen. I get excited about distributed systems and intuitive user interfaces. I’ve also been running community education programming on topics ranging from sexual health to introductions to coding... Read More →
avatar for Skylar Nagao

Skylar Nagao

Product Manager, Peerio
A humanities geek who became interested in privacy after years of studying Foucault, panopticism, and post-structuralist theories of power. In attempts to become less arcane in daily conversation, this interest evolved into taking up critical literature studies focusing on how science-fiction... Read More →

Wednesday August 3, 2016 15:00 - 15:50
Passwords16 Tuscany