The Security and Memorability of Passwords Generated by Using an Association Element and a Personal Factor
Publication: Proceedings of the 16th Nordic Conference on Information Security Technology for Applications NordSec '11
Page(s): 114 - 130
Publisher: Springer Berlin Heidelberg
Source 1: http://link.springer.com/chapter/10.1007/978-3-642-29615-4_9 - Subscription or payment required
Abstract or Summary:
A well-established truth regarding password authentication is that easily remembered passwords are weak. This study demonstrates that this is not necessarily true. Users can be encouraged to design strong passwords, using elements associated with a given service, together with a personal factor. Regulatory bodies and information security experts are often asked the question: "what is a good password?" We claim that this is not the right question; it should be: "how can one design multiple passwords that are strong and memorable at the same time?" This paper presents guidelines for password design that combine a Personal Factor with an element associated to the login site. Analysis of the passwords generated by a group of volunteers and their ability to recall multiple passwords at later moments in time show that one can actually achieve good memorability of strong and unique passwords.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.