Published: August 2, 2015
Author(s)
Paul Lee (NIST), Yee-Yin Choong (NIST)
Conference
Name: 3rd International Conference on Human Aspects of Information Security, Privacy and Trust
Dates: 08/02/2015 - 08/07/2015
Location: Los Angeles, California, United States
Citation: Human Aspects of Information Security, Privacy, and Trust: Third International Conference, HAS 2015, vol. 9190, pp. 83-94
The generation stage of the user password management lifecycle is arguably the most important yet perilous step. Fulfilling minimum length and character type requirements while attempting to create something memorable can become an arduous task, leaving the users frustrated and confused. Our study focuses on two areas: password requirements and formatting, and examines the differences in user performance to understand the human password generation space. The results show a clear drop in performance when users generate passwords following a complex rule set as opposed to a simple rule set, with fewer passwords, more errors, and longer times for rule comprehension and password generation. Formatted rule presentation shows promising results that may facilitate user password generation. Findings from this study will contribute to a better understanding of the user password generation stage and shed light on future development of password policies balancing security and usability
The generation stage of the user password management lifecycle is arguably the most important yet perilous step. Fulfilling minimum length and character type requirements while attempting to create something memorable can become an arduous task, leaving the users frustrated and confused. Our study...
See full abstract
The generation stage of the user password management lifecycle is arguably the most important yet perilous step. Fulfilling minimum length and character type requirements while attempting to create something memorable can become an arduous task, leaving the users frustrated and confused. Our study focuses on two areas: password requirements and formatting, and examines the differences in user performance to understand the human password generation space. The results show a clear drop in performance when users generate passwords following a complex rule set as opposed to a simple rule set, with fewer passwords, more errors, and longer times for rule comprehension and password generation. Formatted rule presentation shows promising results that may facilitate user password generation. Findings from this study will contribute to a better understanding of the user password generation stage and shed light on future development of password policies balancing security and usability
Hide full abstract
Keywords
password generation; cybersecurity; password policy; usability
Control Families
None selected