Correct Horse Battery Staple: Exploring the Usability of System-Assisted Passphrases
Author(s): Richard Shay, Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Blase Ur, Tim Vidas

Date: July 2012
Publication: Proceedings of the Symposium On Usable Privacy and Security, SOUPS '12
Publisher: ACM
Source 1: http://www.blaseur.com/papers/shay2012correct.pdf
Source 2: http://cups.cs.cmu.edu/soups/2012/proceedings/a7_Shay.pdf
Source 3: http://dx.doi.org/10.1145/2335356.2335366 - Subscription or payment required

Abstract or Summary:
Users tend to create passwords that are easy to guess, while system-assigned passwords tend to be hard to remember. Passphrases, space-delimited sets of natural language words, have been suggested as both secure and usable for decades. In a 1,476-participant online study, we explored the usability of 3- and 4-word system-assigned passphrases in comparison to system-assigned passwords composed of 5 to 6 random characters, and 8-character system-assigned pronounceable passwords. Contrary to expectations, system-assigned passphrases performed similarly to system-assigned passwords of similar entropy across the usability metrics we examined. Passphrases and passwords were forgotten at similar rates, led to similar levels of user difficulty and annoyance, and were both written down by a majority of participants. However, passphrases took significantly longer for participants to enter, and appear to require error-correction to counteract entry mistakes. Passphrase usability did not seem to increase when we shrunk the dictionary from which words were chosen, reduced the number of words in a passphrase, or allowed users to change the order of words.

PasswordResearch.com Note: Additional authors listed for this paper: Lujo Bauer, Nicholas Christin, Lorrie Faith Cranor


Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index





[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com