Helping Users Create Better Passwords: Is this the right approach?
Date: July 2007
Publication: Symposium on Usable Privacy and Security (SOUPS) 2007
Source 1: http://cups.cs.cmu.edu/~aforget/Forget_SOUPS2007.pdf
Source 2: http://cups.cs.cmu.edu/soups/2007/posters/p151_forget.pdf
Source 3: http://dx.doi.org/10.1145/1280680.1280703 - Subscription or payment required
Abstract or Summary:
Users tend to form their own mental models of good passwords regardless of any instructions provided. They also tend to favour memorability over security. In our study comparing two mnemonic phrase-based password schemes, we found a surprising number of participants misused both schemes. Intentional or not, they misused the system such that their task of password creation and memorization became easier. Thus, we believe that instead of better instructions or password schemes, a new approach is required to convince users to create more secure passwords. One possibility may lie in employing Persuasive Technology.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.