Authenticating users by word associations
Computers and Security
Cognitive passwords: the key to easy access control
Computers and Security
IEEE Transactions on Pattern Analysis and Machine Intelligence
Communications of the ACM
Password security: a case history
Communications of the ACM
The domino effect of password reuse
Communications of the ACM - Human-computer etiquette
Password policy: the good, the bad, and the ugly
WISICT '04 Proceedings of the winter international synposium on Information and communication technologies
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
Easily remembered passphrases: a better approach
ACM SIGSAC Review - Resources: part II
Password security: an empirical study
Journal of Management Information Systems
A Method for the Correction of Garbled Words Based on the Levenshtein Metric
IEEE Transactions on Computers
Re-examining perceived ease of use and usefulness
MIS Quarterly
Protecting poorly chosen secrets from guessing attacks
IEEE Journal on Selected Areas in Communications
Securing passfaces for description
Proceedings of the 4th symposium on Usable privacy and security
Influencing users towards better passwords: persuasive cued click-points
BCS-HCI '08 Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction - Volume 1
Building a better password: the role of cognitive load in information security training
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Encountering stronger password requirements: user attitudes and behaviors
Proceedings of the Sixth Symposium on Usable Privacy and Security
Using and managing multiple passwords: A week to a view
Interacting with Computers
International Journal of Human-Computer Studies
Rational security: Modelling everyday password use
International Journal of Human-Computer Studies
Correct horse battery staple: exploring the usability of system-assigned passphrases
Proceedings of the Eighth Symposium on Usable Privacy and Security
Password entry usability and shoulder surfing susceptibility on different smartphone platforms
Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia
Video-passwords: advertising while authenticating
Proceedings of the 2012 workshop on New security paradigms
Linguistic properties of multi-word passphrases
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
An Expert Panel Approach on Developing a Unified System Authentication Benchmarking Index
International Journal of Interdisciplinary Telecommunications and Networking
| Hi-index | 0.00 |
In developing password policies, IT managers must strike a balance between security and memorability. Rules that improve structural integrity against attacks may also result in passwords that are difficult to remember. Recent technologies have relaxed the 8-character password constraint to permit the creation of longer pass-''phrases'' consisting of multiple words. Longer passphrases are attractive because they can improve security by increasing the difficulty of brute-force attacks and they might also be easy to remember. Yet, no empirical evidence concerning the actual usability of passphrases exists. This paper presents the results of a 12-week experiment that examines users' experience and satisfaction with passphrases. Results indicate that passphrase users experienced a rate of unsuccessful logins due to memory recall failure similar to that of users of self-generated simple passwords and stringent passwords. However, passphrase users had more failed login attempts due to typographical errors than did users of either simple or highly secure passwords. Moreover, although the typographical errors disappeared over time, passphrase users' initial problems negatively affected their end-of-experiment perceptions.