User authentication by cognitive passwords: an empirical assessment
JCIT Proceedings of the fifth Jerusalem conference on Information technology
Human-computer cryptography: an attempt
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Communications of the ACM
Secure Human Identification Protocols
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The domino effect of password reuse
Communications of the ACM - Human-computer etiquette
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Quality of Password Management Policy
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Human selection of mnemonic phrase-based passwords
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Improving password security and memorability to protect personal and organizational information
International Journal of Human-Computer Studies
A survey of passwords from 2007 to 2009
2009 Information Security Curriculum Development Conference
Using and managing multiple passwords: A week to a view
Interacting with Computers
Cracking associative passwords
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Measuring password guessability for an entire university
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
A well-established truth regarding password authentication is that easily remembered passwords are weak. This study demonstrates that this is not necessarily true. Users can be encouraged to design strong passwords, using elements associated with a given service, together with a personal factor. Regulatory bodies and information security experts are often asked the question: "what is a good password?" We claim that this is not the right question; it should be: "how can one design multiple passwords that are strong and memorable at the same time?" This paper presents guidelines for password design that combine a Personal Factor with an element associated to the login site. Analysis of the passwords generated by a group of volunteers and their ability to recall multiple passwords at later moments in time show that one can actually achieve good memorability of strong and unique passwords.