Pass-sentence—a new approach to computer code
Computers and Security
Making Passwords Secure and Usable
HCI 97 Proceedings of HCI on People and Computers XII
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
Easily remembered passphrases: a better approach
ACM SIGSAC Review - Resources: part II
Have the cake and eat it too - Infusing usability into text-password based authentication systems
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Human selection of mnemonic phrase-based passwords
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Password security: an empirical study
Journal of Management Information Systems
The usability of passphrases for authentication: An empirical field study
International Journal of Human-Computer Studies
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Passphrase with Semantic Noises and a Proof on Its Higher Information Rate
CISW '07 Proceedings of the 2007 International Conference on Computational Intelligence and Security Workshops
Crowdsourcing user studies with Mechanical Turk
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Improving text passwords through persuasion
Proceedings of the 4th symposium on Usable privacy and security
Kwyjibo: automatic domain name generation
Software—Practice & Experience
The true cost of unusable password policies: password use in the wild
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Are your participants gaming the system?: screening mechanical turk workers
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Password strength: an empirical analysis
INFOCOM'10 Proceedings of the 29th conference on Information communications
Encountering stronger password requirements: user attitudes and behaviors
Proceedings of the Sixth Symposium on Usable Privacy and Security
Testing metrics for password creation policies by attacking large sets of revealed passwords
Proceedings of the 17th ACM conference on Computer and communications security
The security of modern password expiration: an algorithmic framework and empirical analysis
Proceedings of the 17th ACM conference on Computer and communications security
Popularity is everything: a new approach to protecting passwords from statistical-guessing attacks
HotSec'10 Proceedings of the 5th USENIX conference on Hot topics in security
Utility of human-computer interactions: toward a science of preference measurement
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Of passwords and people: measuring the effect of password-composition policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Improving usability through password-corrective hashing
SPIRE'06 Proceedings of the 13th international conference on String Processing and Information Retrieval
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes
SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
A Research Agenda Acknowledging the Persistence of Passwords
IEEE Security and Privacy
How does your password measure up? the effect of strength meters on password creation
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Designing leakage-resilient password entry on touchscreen mobile devices
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
On the ecological validity of a password study
Proceedings of the Ninth Symposium on Usable Privacy and Security
| Hi-index | 0.00 |
Users tend to create passwords that are easy to guess, while system-assigned passwords tend to be hard to remember. Passphrases, space-delimited sets of natural language words, have been suggested as both secure and usable for decades. In a 1,476-participant online study, we explored the usability of 3- and 4-word system-assigned passphrases in comparison to system-assigned passwords composed of 5 to 6 random characters, and 8-character system-assigned pronounceable passwords. Contrary to expectations, system-assigned passphrases performed similarly to system-assigned passwords of similar entropy across the usability metrics we examined. Passphrases and passwords were forgotten at similar rates, led to similar levels of user difficulty and annoyance, and were both written down by a majority of participants. However, passphrases took significantly longer for participants to enter, and appear to require error-correction to counteract entry mistakes. Passphrase usability did not seem to increase when we shrunk the dictionary from which words were chosen, reduced the number of words in a passphrase, or allowed users to change the order of words.