Rahul Chatterjee, Ari Juels, and Tom Ristenpart, together with MIT and Dropbox colleagues Anish Athalye, Devdatta Akhawe, won a Distinguished Student Paper Award from the 2016 IEEE Symposium on Security and Privacy ("Oakland") conference for "pASSWORD tYPOS and How to Correct Them Securely".
Technology Review reported on it an article entitled, "Why Autocorrect for Passwords Is a Great Idea: Letting people into their online accounts even when they mistype their password could make life easier without compromising security." Juels is quoted: "This is, in our view, a pretty big deal ... Websites should be changing their password policies to make users’ lives easier. The security degradation is pretty small" if, the article states, the "autocorrect" is "implemented in a way that takes into account how people choose passwords and the typos they make". To guard against certain vulnerabilities, the researchers "created two typo-tolerant password checkers that won’t accept typos for certain passwords where it could be risky, based on information from leaked password lists."
The research was facilitated by gathering data on typos "by analyzing 24 hours of logins to Dropbox, which has hundreds of millions of users. Almost 10 percent of login attempts that failed did so due to a handful of easily correctable typos, such as leaving caps lock on. Some 3 percent of users who didn’t get into their accounts could have done so if autocorrect had covered the three most common typos: leaving caps lock on, using the wrong case for the first character, or deleting the last character.."
- About
- Events
- Calendar
- Graduation Information
- Cornell Learning Machines Seminar
- Student Colloquium
- BOOM
- Spring 2025 Colloquium
- Conway-Walker Lecture Series
- Salton 2024 Lecture Series
- Seminars / Lectures
- Big Red Hacks
- Cornell University - High School Programming Contests 2024
- Game Design Initiative
- CSMore: The Rising Sophomore Summer Program in Computer Science
- Explore CS Research
- ACSU Research Night
- Cornell Junior Theorists' Workshop 2024
- People
- Courses
- Research
- Undergraduate
- M Eng
- MS
- PhD
- Admissions
- Current Students
- Computer Science Graduate Office Hours
- Advising Guide for Research Students
- Business Card Policy
- Cornell Tech
- Curricular Practical Training
- A & B Exam Scheduling Guidelines
- Fellowship Opportunities
- Field of Computer Science Ph.D. Student Handbook
- Graduate TA Handbook
- Field A Exam Summary Form
- Graduate School Forms
- Instructor / TA Application
- Ph.D. Requirements
- Ph.D. Student Financial Support
- Special Committee Selection
- Travel Funding Opportunities
- Travel Reimbursement Guide
- The Outside Minor Requirement
- Diversity and Inclusion
- Graduation Information
- CS Graduate Minor
- Outreach Opportunities
- Parental Accommodation Policy
- Special Masters
- Student Spotlights
- Contact PhD Office