The security and memorability of passwords generated by using an association element and a personal factor

Authors:
Kirsi Helkala;Nils Kalstad Svendsen
Affiliations:
Gjøvik University College, Norway;Gjøvik University College, Norway
Venue:
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Year:
2011

Citing 16
Cited 2

User authentication by cognitive passwords: an empirical assessment

JCIT Proceedings of the fifth Jerusalem conference on Information technology
Human-computer cryptography: an attempt

CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Users are not the enemy

Communications of the ACM
Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security

BT Technology Journal
Secure Human Identification Protocols

ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The domino effect of password reuse

Communications of the ACM - Human-computer etiquette
Password Memorability and Security: Empirical Results

IEEE Security and Privacy
A convenient method for securely managing passwords

WWW '05 Proceedings of the 14th international conference on World Wide Web
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Quality of Password Management Policy

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Human selection of mnemonic phrase-based passwords

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Déjà Vu: a user study using images for authentication

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
The design and analysis of graphical passwords

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Improving password security and memorability to protect personal and organizational information

International Journal of Human-Computer Studies
A survey of passwords from 2007 to 2009

2009 Information Security Curriculum Development Conference
Using and managing multiple passwords: A week to a view

Interacting with Computers

Cracking associative passwords

NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Measuring password guessability for an entire university

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

A well-established truth regarding password authentication is that easily remembered passwords are weak. This study demonstrates that this is not necessarily true. Users can be encouraged to design strong passwords, using elements associated with a given service, together with a personal factor. Regulatory bodies and information security experts are often asked the question: "what is a good password?" We claim that this is not the right question; it should be: "how can one design multiple passwords that are strong and memorable at the same time?" This paper presents guidelines for password design that combine a Personal Factor with an element associated to the login site. Analysis of the passwords generated by a group of volunteers and their ability to recall multiple passwords at later moments in time show that one can actually achieve good memorability of strong and unique passwords.