Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Human-Centered Cybersecurity

Authentication

Authentication mechanisms such as passwords and multi-factor authentication methods (e.g., smart cards and tokens) provide examples of the challenges involved in creating usable cybersecurity solutions.

Our research explores the usage and usability of authentication mechanisms. We focus on how these mechanisms can be improved to aid in their correct, secure employment by different user populations while avoiding user frustration and circumvention. Also see our Youth Security & Privacy research area for publications related to youth passwords.

 

Publications


Papers

Digital Identity Guidelines: Enrollment and Identity Proofing Requirements paper icon – Paul Grassi, James Fenton, Naomi Lefkovitz, Jamie Danker, Yee-Yin Choong, Kristen Greene, & Mary Theofanos. SP 800-63A (2017)

Digital Identity Guidelines: Authentication and Lifecycle Management paper icon – Paul Grassi, Elaine Newton, Ray Perliner, Andrew Regenscheid, James Fenton, William Burr, Justin Richter, Naomi Lefkovitz, Jamie Danker, Yee-Yin Choong, Kristen Greene, & Mary Theofanos. SP 800-63B (2017)

Digital Identity Guidelines: Federation and Assertions paper icon – Paul Grassi, Ellen Nadeau, Justin Richer, Sarah Squire, James Fenton, Naomi Lefkovitz, Jamie Danker, Yee-Yin Choong, Kristen Greene, & Mary Theofanos. SP 800-63C (2017)

Papers

Memory and Motor Processes of Password Entry Error paper icon - Frank Tamborello & Kristen Greene. Proceedings of the Human Factors and Ergonomics Society Annual Meeting (2016)

Password Entry Errors: Memory or Motor? report icon - Kristen Greene & Frank Tamborello. Proceedings of the 13th International Conference on Cognitive Modeling (2015)

ACT-R Modeling of Password Entry Errors [poster] poster icon - Kristen Greene & Franklin Tamborello. Proceedings of the 24th Conference on Behavior Representation in Modeling and Simulation (2015)

Electrodermal Activity and Eye Movements Inform the Usability of Passwords [poster] poster icon - Jennifer R. Bergstrom, Kristen Greene, David C. Hawkins, & Christian Gonzalez. Proceedings of the 44th Annual Meeting of the Society for Neuroscience (2014)

Papers

Usability and Security Considerations for Public Safety Mobile Authentication paper icon - Yee-Yin Choong, Joshua M. Franklin, & Kristen Greene. NISTIR 8080 (2016)

Measuring the Usability and Security of Permuted Passwords on Mobile Platforms paper icon - Kristen Greene, John M. Kelsey, & Joshua M. Franklin. NISTIR 8040 (2016)

Tap On, Tap Off: Onscreen Keyboards and Mobile Password Entry paper icon Recorded presentation video icon - Kristen Greene, Joshua M. Franklin, & John M. Kelsey. Proceedings of ShmooCon (2015)

I Can't Type That! P@$$w0rd Entry on Mobile Devices paper icon - Kristen Greene, Melissa A. Gallagher, Brian C. Stanton, & Paul Y. Lee. Proceedings of HCI International (2014)

Papers

Usability of PIV Smartcards for Logical Access paper icon - Mary F. Theofanos, Emile L. Morse, Hannah Wald, Yee-Yin Choong, Celeste Paul, & Aiping L. Zhang. NISTIR 7867 (2012)

A Field Study of User Behavior and Perception in Smartcard Authentication paper icon  - Emile L. Morse, Celeste L. Paul, Aiping L. Zhang, Yee-Yin Choong, & Mary F. Theofanos. Proceedings of the 13th IFIP TC13 Conference on Human-Computer Interaction (INTERACT) (2011)

Presentations

PIV Pilot Usability Lessons Learned presentation icon – Mary Theofanos (Nov 8, 2010)

Papers

Must I, can I? I don’t understand your ambiguous password rules paper icon  – Kristen K. Greene & Yee-Yin Choong. Information and Computer Security (2017)

Secure and Usable Enterprise Authentication: Lessons from the Field paper icon – Mary F. Theofanos, Simson L. Garfinkel, & Yee-Yin Choong. IEEE Security & Privacy (2016)

What's a Special Character Anyway? Effects of Ambiguous Terminology in Password Rules paper icon  - Yee-Yin Choong & Kristen Greene. Proceedings of the Human Factors and Ergonomics Society Annual Meeting (2016)

What 4,500+ people can tell you – Employees' Attitudes toward Organizational Password Policy Do Matter paper icon  - Yee-Yin Choong & Mary F. Theofanos. Proceedings of the 3rd International Conference on Human Aspects of Information Security, Privacy, and Trust (2015)

Effects of Password Permutation on Subjective Usability Across Platforms paper icon  - Kristen Greene. Proceedings of HCI International (2015)

Human Generated Passwords - The Impacts of Password Requirements and Presentation Styles paper icon  – Paul Y. Lee & Yee-Yin Choong. Proceedings of HCI International (2015)

The Authentication Equation: A Tool to Visualize the Convergence of Security and Usability of Text-Based Passwords paper icon  – Cathryn A. Ploehn & Kristen Greene Proceedings of HCI International (2015)

Report: Authentication Diary Study paper icon – Michelle P. Steves & Mary F. Theofanos. NISTIR 7983 (2014)

Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords paper icon - Jennifer R. Bergstrom, Stefan A. Frisch, David C. Hawkins, Joy Hackenbracht, Kristen Greene, Mary F. Theofanos, & Brian Griepentrog. Proceedings of the 6th International Conference on Cross-Cultural Design (2014)

United States Federal Employees' Password Management Behaviors paper icon  – A Department of Commerce Case Study - Yee-Yin Choong, Mary F. Theofanos, & Hung-Kung Liu. NISTIR 7991 (2014)

Character Strings, Memory and Passwords: What a Recall Study Can Tell Us paper icon  – Brian C. Stanton & Kristen K. Greene. Proceedings of the International Conference on Human Aspects of Information Security, Privacy, and Trust (HAS) (2014)

A Cognitive-Behavioral Framework of User Password Management Lifecycle paper icon  – Yee-Yin Choong. Proceedings of HCI International (2014)

 

Presentations

Password Usability presentation icon - Yee-Yin Choong (Oct 23, 2015)

Employee Password Usability Study presentation icon - Yee-Yin Choong (Sep 10, 2015)

Papers

Password Policy Languages: Usable Translation from the Informal to the Formal paper icon – Michelle Steves, Mary Theofanos, Celia Paulsen, & Athos Ribeiro. Proceedings of the International Conference on Human Aspects of Information Security, Privacy, and Trust (2015)

Clear, Unambiguous Password Policies: An Oxymoron? paper icon – Michelle Steves, Kevin Killourhy, & Mary F. Theofanos Proceedings of the 6th International Conference on Cross-Cultural Design (2014)

Taxonomic Rules for Password Policies: Translating the Informal to the Formal Language paper icon – Kevin Killourhy, Yee-Yin Choong, & Mary Theofanos. NISTIR 7970 (2013)

Presentations

Usability Research in Support Of Cyber-Security: A Password Policy Taxonomy presentation icon – Kevin Killourhy (May 7, 2008)

 

Created November 17, 2016, Updated February 12, 2024