Usable Security Project
Western Illinois University
 
 

Welcome to the Usable Security Education Project Home Page
 

UPass -- Usable Password Authentication Simulator for Students

UPassAPI is a library of authentication classes that can be used in web application programs. To use any authentication method, just instantiate the class and add it to the RootPanel of the web document. This way, students do not have to program the GUI or the authentication logic from scratch.

We developed UPassAPI because the original UPass tool became too complex for students to program. After developing UPassAPI, we re-implemented the UPass tool with it.

Simplified UPassAPI view for students

Very Simple Class Diagram

UPassAPI automatically takes care of the communication between the client and the server and of the uninteresting details of authentication.

Using UPassAPI for CS Majors

For students, implementing a new password authentication mechanism in their applications involves three things:

  1. Derive the UI class(es) (UI logic)
  2. Derive the PasswordTemplate (authentication logic) at the server side
  3. Add the new UI object(s) to (the RootPanel of the) Webpage

If a modification is made to improve usability, it can generally be accomplished by changing the GUI. Likewise, the authentication logic generally enforces (the technical side of) password security, so any changes to it apply to PasswordTemplate. GUI logic is implemented at the client side and authentication logic is implemented at the server side. This way, we feel that students can implement their projects quickly. We plan to test this hypothesis in the future.

The UI class has three flavors: PasswordRegistrationUI creates the password registration UI. PasswordPresentationUI creates the user login page. PasswordConfigurationUI is used by the admin to configure the authentication logic. For example, this interface can be used to set the minimum length of the password (in textpassword) or the number of pictures per page (in passimage). When deploying for consumers, only PasswordRegistrationUI and PasswordPresentationUI need to be deployed.
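A sketch of the server-side half of this split, as an added example that is not UPassAPI code: a derived class supplies only the policy (here the configurable minimum password length), while the base class keeps storage and verification. The class and method names (PasswordTemplateSketch, TextPasswordSketch, acceptable, setMinLength) and the choice of PBKDF2 for storage are assumptions; the real PasswordTemplate API is not shown on this page.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical stand-in for the server-side base class (not the real PasswordTemplate).
abstract class PasswordTemplateSketch {
    private final Map<String, byte[][]> store = new HashMap<>(); // user -> {salt, derived key}

    // Derived classes put the authentication policy here (step 2 of the list).
    protected abstract boolean acceptable(char[] secret);

    public final boolean register(String user, char[] secret) throws Exception {
        if (store.containsKey(user) || !acceptable(secret)) return false;
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        store.put(user, new byte[][] { salt, derive(secret, salt) });
        return true;
    }

    public final boolean login(String user, char[] secret) throws Exception {
        byte[][] rec = store.get(user);
        if (rec == null) return false;
        // Compare derived keys in constant time; the plaintext is never stored.
        return MessageDigest.isEqual(rec[1], derive(secret, rec[0]));
    }

    private static byte[] derive(char[] secret, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(secret, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }
}

// Text-password variant: minLength is the value an admin would set through the configuration UI.
class TextPasswordSketch extends PasswordTemplateSketch {
    private int minLength = 8; // assumed default
    public void setMinLength(int n) { minLength = n; }
    @Override protected boolean acceptable(char[] secret) { return secret.length >= minLength; }
}

class Demo {
    public static void main(String[] args) throws Exception {
        TextPasswordSketch auth = new TextPasswordSketch();
        auth.setMinLength(10);
        // Constructed sample inputs: one shorter than the configured minimum, one longer.
        System.out.println("register short: " + auth.register("alice", "short".toCharArray()));
        System.out.println("register long:  " + auth.register("alice", "correct horse 42".toCharArray()));
        System.out.println("login correct:  " + auth.login("alice", "correct horse 42".toCharArray()));
        System.out.println("login wrong:    " + auth.login("alice", "wrong guess 0000".toCharArray()));
    }
}
```

Because the length check runs in the server-side class, a modified or bypassed client UI cannot register a password that violates the configured policy.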

Note that the tabs (Configure, Register, and Login) are created on the same page for demo purposes (shown in screenshots below). In reality, these objects can be instantiated and added anywhere on a Web document and thus be part of any web application that needs (usable) authentication.




Using UPassAPI for non-CS-majors

Non-CS majors currently use UPass to experiment with the simple password, cognitive password and passimage methods. Passpoint is currently under implementation. Below are the screenshots.

PassPic Screenshot
Figure 1: "Passimage"









Cognitive Password Screenshot
Figure 2: Cognitive Password



Currently, non-majors can experiment with cognitive passwords, simple passwords and passimages using the UPass GUI. In the future, GUIs can be set up using UPassAPI to do other tasks. There are some tools for building GUIs without programming (e.g., GWT Designer) -- so that is another possibility for students to redesign login screens based on feedback obtained from usability testing.

UPassAPI is currently in an exploratory stage -- UPassAPI can be augmented by including more authentication classes. Besides the possibilities of using UPassAPI in the classroom, such a library will be useful for developing actual web applications that require usable authentication.


 
 
 
 
Usable Security Education © 2008
Stipes 447I
Computer Science Department
Western Illinois University
1 University Circle
Macomb IL-61455
 
 
 
 

This material is based upon work supported by the National Science Foundation under Grant No. 0736643. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.