Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Released NISTIR 8040, Measuring the Usability and Security of Permuted Passwords on Mobile Platforms
April 27, 2016

NIST has published NIST Interagency Report (NISTIR) 8040, Measuring the Usability and Security of Permuted Passwords on Mobile Platforms. Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. This document proposes a measurement method for quantifying the effects on security resulting from optimizing the usability of password entry specifically for constrained input environments, i.e., the mobile touchscreen. A set of Python scripts for the experiments the NIST/ITL research team conducted on entropy loss are made publicly available.

Created December 21, 2016, Updated June 22, 2020

NIST Released NISTIR 8040, Measuring the Usability and Security of Permuted Passwords on Mobile Platforms April 27, 2016

NIST Released NISTIR 8040, Measuring the Usability and Security of Permuted Passwords on Mobile Platforms
April 27, 2016