2nd TIPPI Workshop

Trustworthy Interfaces for Passwords and Personal Information

Speaker: Pat Lareau, Passfaces Corp.

Title: Web Wallet: Preventing Phishing Attacks by Revealing User Intention

The fate of authentication secrets in the hands of users has stymied authentication system designers for decades. The onslaught of consumer-facing, online applications that demand reliable authentication underscores the need to achieve both security and usability in the authentication process. Passfaces challenges the commonly-held assumption that there is an inevitable trade-off between these two objectives. Starting with a consideration of the basic requirements for an "ideal" user secret, we demonstrate that a system using a set of pictures of human faces as that secret brings about significant improvements in both security and usability when compared to text passwords. We then show how some simple refinements of our "Passfaces" system can provide a highly trustworthy user interface that does not rely on the intelligence, training or attentiveness of the user for its integrity.

Patricia has been active in the Information Security field, in both public and private service, for 20 years. She is currently the Vice President of Product Management for Passfaces Corporation. Previously Patricia was the Managing Director of InfoGard, a NIST/NIAP Accredited Security Lab. Patricia also spent 14 years with the National Security Agency functioning in technical, diplomatic, and executive management positions. She has participated as a technical expert in the development of international banking security standards. Patricia earned her B.S. in Mathematics from Boston College and her M.S. in Mathematics from the University of Maryland.

Back to TIPPI workshop page