Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

NIST Released NISTIR 8040, Measuring the Usability and Security of Permuted Passwords on Mobile Platforms
April 27, 2016

NIST has published NIST Interagency Report (NISTIR) 8040Measuring the Usability and Security of Permuted Passwords on Mobile Platforms. Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. This document proposes a measurement method for quantifying the effects on security resulting from optimizing the usability of password entry specifically for constrained input environments, i.e., the mobile touchscreen. A set of Python scripts for the experiments the NIST/ITL research team conducted on entropy loss are made publicly available.

Created December 21, 2016, Updated May 15, 2017