Textual passwords are the Achilles’ heel of today’s information systems. They are generated and managed by users, who are not aware of the importance of safe passwords. There has been no change in the field of password security in the last 35 years, ever since Morris and Thompson identified the main disadvantages of textual passwords and published their article in the late seventies. Textual passwords are strings of alphanumeric characters that a user has to remember. The PsychoPass method is based on the idea of the user remembering the graphical representation of the characters on the keyboard, rather than the characters themselves. Such a representation is mentally less demanding, and thus more memorable. This article presents a security analysis of the PsychoPass method and an improvement to it. With the improved PsychoPass method, it is possible to generate easily memorable passwords that are comparable to randomly generated passwords of a particular length. At the same time, distinguishing PsychoPass passwords from randomly generated passwords is not simple, which severely hinders an attack that uses a specially dedicated dictionary.
Brumen B, Heričko M, Rozman I, Hölbl M. Security Analysis and Improvements to the PsychoPass Method. J Med Internet Res 2013;15(8):e161. URL: http://www.jmir.org/2013/8/e161/, doi: 10.2196/jmir.2366 (first journal in the field of medical informatics according to JCR IF)