Textual passwords are often the only mechanism used to authenticate users of a networked system. Unfortunately, many passwords are easily guessed or cracked. In an attempt to strengthen passwords, some systems instruct users to create mnemonic phrase-based passwords. A mnemonic password is one where a user chooses a memorable phrase and uses a character (often the first letter) to represent each word in the phrase. In this paper, we hypothesize that users will select mnemonic phrases that are commonly available on the Internet, and that it is possible to build a dictionary to crack mnemonic phrase-based passwords. We conduct a survey to gather user-generated passwords. We show the majority of survey respondents based their mnemonic passwords on phrases that can be found on the Internet, and we generate a mnemonic password dictionary as a proof of concept. Our 400,000-entry dictionary cracked 4% of mnemonic passwords; in comparison, a standard dictionary with 1.2 million entries cracked 11% of control passwords. The user-generated mnemonic passwords were also slightly more resistant to brute force attacks than control passwords. These results suggest that mnemonic passwords may be appropriate for some uses today. However, mnemonic passwords could become more vulnerable in the future and should not be treated as a panacea.
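A defender-side use of the finding above, as an added example that is not code from the paper: a password-creation check that derives first-letter mnemonics from well-known phrases and rejects candidates that match one. The phrase list, the substitution table, the trailing-character stripping and all function names are assumptions constructed for illustration.

```python
import re

# Constructed sample phrases standing in for a corpus of widely published
# phrases (quotes, lyrics, slogans); not data from the paper.
KNOWN_PHRASES = [
    "To be or not to be, that is the question",
    "May the force be with you",
    "I want to hold your hand",
]

# Assumed word-to-character substitutions a user might apply instead of
# the first letter; the paper's abstract does not list any.
SUBSTITUTIONS = {"to": "2", "for": "4", "and": "&", "you": "u", "at": "@"}


def mnemonic_variants(phrase):
    """Return the first-letter mnemonics derivable from one phrase."""
    words = re.findall(r"[A-Za-z']+", phrase)
    plain = "".join(w[0] for w in words)
    subbed = "".join(SUBSTITUTIONS.get(w.lower(), w[0]) for w in words)
    variants = set()
    for base in (plain, subbed):
        # Cover as-written, all-lowercase and all-uppercase forms.
        variants.update({base, base.lower(), base.upper()})
    return variants


def build_blocklist(phrases):
    """Map every derived mnemonic to the phrase it came from."""
    blocklist = {}
    for phrase in phrases:
        for variant in mnemonic_variants(phrase):
            blocklist.setdefault(variant, phrase)
    return blocklist


def check_password(candidate, blocklist):
    """Return the source phrase if the candidate is a known mnemonic,
    with or without a trailing run of digits/punctuation; else None."""
    core = candidate.rstrip("0123456789!?.#$")
    return blocklist.get(candidate) or blocklist.get(core)


BLOCKLIST = build_blocklist(KNOWN_PHRASES)
```

A registration form would call `check_password` on the proposed password and ask the user to pick a different phrase when it returns a match.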