"Ten Strikes and You're Out": Increasing the Number of Login Attempts Can Improve Password Usability
Date: April 2003
Publication: Proceedings of CHI 2003, Workshop on Human-Computer Interaction and Security Systems
Source 1: http://discovery.ucl.ac.uk/19826/2/hcisec-workshop-brostoff-2.pdf
Source 2: http://www.andrewpatrick.ca/CHI2003/HCISEC/hcisec-workshop-brostoff-2.pdf
Source 3: http://hornbeam.cs.ucl.ac.uk/hcs/teaching/GA10/lec1extra/hcisec-workshop-brostoff-2.pdf
Abstract or Summary:
Many users today are struggling to manage an increasing number of passwords. As a consequence, many organizations face an increasing demand on an expensive resource – the system administrators or help desks. This paper suggests that re-considering the “3-strikes” policy commonly applied to password login systems would be an immediate way of reducing this demand. We analyzed 10 weeks worth of system logs from a sample of 386 users, whose login attempts were not restricted in the usual manner. During that period, only 10% of login attempts failed. We predict that requests for password reminders could be reduced by up to 44% by increasing the number of strikes from 3 to ten.