Correct Horse Battery Staple: Exploring the Usability of System-Assisted Passphrases
Date: July 2012
Publication: Proceedings of the Symposium On Usable Privacy and Security, SOUPS '12
Source 1: http://www.blaseur.com/papers/shay2012correct.pdf
Source 2: http://cups.cs.cmu.edu/soups/2012/proceedings/a7_Shay.pdf
Source 3: http://dx.doi.org/10.1145/2335356.2335366 - Subscription or payment required
Abstract or Summary:
Users tend to create passwords that are easy to guess, while system-assigned passwords tend to be hard to remember. Passphrases, space-delimited sets of natural language words, have been suggested as both secure and usable for decades. In a 1,476-participant online study, we explored the usability of 3- and 4-word system-assigned passphrases in comparison to system-assigned passwords composed of 5 to 6 random characters, and 8-character system-assigned pronounceable passwords. Contrary to expectations, system-assigned passphrases performed similarly to system-assigned passwords of similar entropy across the usability metrics we examined. Passphrases and passwords were forgotten at similar rates, led to similar levels of user difficulty and annoyance, and were both written down by a majority of participants. However, passphrases took significantly longer for participants to enter, and appear to require error-correction to counteract entry mistakes. Passphrase usability did not seem to increase when we shrunk the dictionary from which words were chosen, reduced the number of words in a passphrase, or allowed users to change the order of words.
PasswordResearch.com Note: Additional authors listed for this paper: Lujo Bauer, Nicholas Christin, Lorrie Faith Cranor
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.