Skip to main content
Ontario Tech acknowledges the lands and people of the Mississaugas of Scugog Island First Nation.

We are thankful to be welcome on these lands in friendship. The lands we are situated on are covered by the Williams Treaties and are the traditional territory of the Mississaugas, a branch of the greater Anishinaabeg Nation, including Algonquin, Ojibway, Odawa and Pottawatomi. These lands remain home to many Indigenous nations and peoples.

We acknowledge this land out of respect for the Indigenous nations who have cared for Turtle Island, also called North America, from before the arrival of settler peoples until this day. Most importantly, we acknowledge that the history of these lands has been tainted by poor treatment and a lack of friendship with the First Nations who call them home.

This history is something we are all affected by because we are all treaty people in Canada. We all have a shared history to reflect on, and each of us is affected by this history in different ways. Our past defines our present, but if we move forward as friends and allies, then it does not have to define our future.

Learn more about Indigenous Education and Cultural Services

October 22, 2014

Speaker: Chris Bonk, Ontario Tech University Master of Science student

Title: StoryPass: A System for Secure and Memorable Passphrases

Abstract: StoryPass is a system for the study of secure and memorable passphrases that implements a new set of creation guidelines. We ran a 39-day user study at Ontario Tech with 39 users to study the use of passphrases in StoryPass. We built a custom algorithm to estimate the security of the passphrases gathered using n-grams from the Corpus of Contemporary American English. We were able to successfully estimate the security provided by 64 per cent of the passphrases against an offline guessing attack; those that were not given an estimate might be even more secure as they contained at least one unusual word which was not found  in COCA. In terms of usability, we allow users to login with imperfect passphrases,  an error tolerance of one incorrect character for every eight correct characters during login attempts ensured memory-based errors were the only cause of login failures. Memory-based errors were most often caused by using phrases with improper syntactic structure, improper grammar or easily reordered phrases. Our results suggest that using unusual words and sentence-like structure are key to making secure and memorable passphrases. Sixty-seven per cent of participants agreed they would use passphrases for some of their accounts and 71 per cent agreed their passphrase is more secure than a traditional password. The general consensus was that StoryPass passphrases are too secure for all accounts, but a good fit for high-security situations such as online banking or password managers.