• The usability of passphrases f...

Result: The usability of passphrases for authentication : An empirical field study

Title:
The usability of passphrases for authentication : An empirical field study
Authors:
KEITH, Mark, SHAO, Benjamin, STEINBART, Paul John
Source:
Information security in the knowledge economyInternational journal of human-computer studies. 65(1):17-28
Publisher Information:
London: Elsevier, 2007.
Publication Year:
2007
Physical Description:
print, 39 ref
Original Material:
INIST-CNRS
Subject Terms:
Computer science, Informatique, Psychology, psychopathology, psychiatry, Psychologie, psychopathologie, psychiatrie, Sciences exactes et technologie, Exact sciences and technology, Sciences appliquees, Applied sciences, Informatique; automatique theorique; systemes, Computer science; control theory; systems, Logiciel, Software, Systèmes informatiques et systèmes répartis. Interface utilisateur, Computer systems and distributed systems. User interface, Organisation des mémoires. Traitement des données, Memory organisation. Data processing, Gestion des mémoires et des fichiers (y compris la protection et la sécurité des fichiers), Memory and file management (including protection and security), Authentification, Authentication, Autenticación, Contrôle accès, Access control, Interface utilisateur, User interface, Interfase usuario, Intégrité, Integrity, Integridad, Mot de passe, Password, Contraseña, Méthode empirique, Empirical method, Método empírico, Satisfaction, Satisfacción, Système réparti, Distributed system, Sistema repartido, Sécurité informatique, Computer security, Seguridad informatica, Utilisabilité, Usability, Usabilidad, Passphrases, Passwords, Security: Memory
Document Type:
Conference Conference Paper
File Description:
text
Language:
English
Author Affiliations:
Department of Information Systems, W. P. Carey School of Business, Arizona State University, Box 4606, Tempe, AZ 85287-4606, United States
ISSN:
1071-5819
Access URL:
http://pascal-francis.inist.fr/vibad/index.php?action=search&terms=18357098
Rights:
Copyright 2007 INIST-CNRS
CC BY 4.0
Sauf mention contraire ci-dessus, le contenu de cette notice bibliographique peut être utilisé dans le cadre d’une licence CC BY 4.0 Inist-CNRS / Unless otherwise stated above, the content of this bibliographic record may be used under a CC BY 4.0 licence by Inist-CNRS / A menos que se haya señalado antes, el contenido de este registro bibliográfico puede ser utilizado al amparo de una licencia CC BY 4.0 Inist-CNRS
Notes:
Computer science; theoretical automation; systems
Accession Number:
edscal.18357098
Database:
PASCAL Archive

Further Information

In developing password policies, IT managers must strike a balance between security and memorability. Rules that improve structural integrity against attacks may also result in passwords that are difficult to remember. Recent technologies have relaxed the 8-character password constraint to permit the creation of longer pass-phrases consisting of multiple words. Longer passphrases are attractive because they can improve security by increasing the difficulty of brute-force attacks and they might also be easy to remember. Yet, no empirical evidence concerning the actual usability of passphrases exists. This paper presents the results of a 12-week experiment that examines users' experience and satisfaction with passphrases. Results indicate that passphrase users experienced a rate of unsuccessful logins due to memory recall failure similar to that of users of self-generated simple passwords and stringent passwords. However, passphrase users had more failed login attempts due to typographical errors than did users of either simple or highly secure passwords. Moreover, although the typographical errors disappeared over time, passphrase users' initial problems negatively affected their end-of-experiment perceptions.