David Huang

Abstract:  This thesis introduces a novel password generation algorithm that aligns user-specified password composition policies (PCPs) with those required by websites, aiming to enhance security and usability. Traditional password generators focus on maximizing entropy but often neglect user ease, producing passwords that are either too complex to remember or too simple to be secure. Our research proposes a user-centric interface and algorithm that integrates the PCPs articulated by users with website requirements, facilitating a balance between security and convenience. We developed a system architecture that includes a baseline interface inspired by existing password generators and an advanced, user-centric interface that collects comprehensive user data, such as sensitivity preferences and device usage. Our methodology involves experimental testing to evaluate the algorithm’s security and functionality. Initial tests confirm that our algorithm can merge different PCPs and produce compliant, secure passwords. Our work not only demonstrates the feasibility of a user-centric approach to password generation but also highlights its practical benefits. By emphasizing enhanced security and user satisfaction without overcomplicating the user experience, our approach paves the way for a more secure and user-friendly digital landscape, instilling optimism about its potential implementation.

• Download paper