The effectiveness and usability of passphrases for authentication

Mark Keith, Benjamin Shao, Paul Steinbart

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In developing password policies, IT managers must strike a balance between security and memorability. Rules that improve structural integrity against attacks (e.g., increasing length and multiple character types) may also result in passwords that are difficult to remember. Recent technologies have relaxed the 8-character password constraint - permitting the creation of longer pass-"phrases" consisting of multiple words. Psychology theories suggest users can remember passphrases at least as well as passwords. This paper reports an experiment currently in progress that tests the usability of passphrases. Subjects are randomly assigned to three different password creation techniques: a control group with no constraints, a secure group given strong password requirements, and a passphrase group. It is expected that the passphrases group will have fewer failed login attempts than the secure group and no more failed login attempts than the control group. Practical implications include stronger authentication with reduced help desk costs.

Original languageEnglish (US)
Title of host publicationAssociation for Information Systems - 11th Americas Conference on Information Systems, AMCIS 2005
Subtitle of host publicationA Conference on a Human Scale
Pages3354-3357
Number of pages4
StatePublished - Dec 1 2005
Event11th Americas Conference on Information Systems, AMCIS 2005 - Omaha, NE, United States
Duration: Aug 11 2005Aug 15 2005

Publication series

NameAssociation for Information Systems - 11th Americas Conference on Information Systems, AMCIS 2005: A Conference on a Human Scale
Volume7

Other

Other11th Americas Conference on Information Systems, AMCIS 2005
CountryUnited States
CityOmaha, NE
Period8/11/058/15/05

Keywords

  • Authentication
  • Memory
  • Passwords
  • Security

ASJC Scopus subject areas

  • Computer Science Applications
  • Computer Networks and Communications
  • Information Systems
  • Library and Information Sciences

Fingerprint Dive into the research topics of 'The effectiveness and usability of passphrases for authentication'. Together they form a unique fingerprint.

Cite this