Titre du document / Document title

The usability of passphrases for authentication : An empirical field study

Auteur(s) / Author(s)

KEITH Mark ⁽¹⁾ ; SHAO Benjamin ⁽¹⁾ ; STEINBART Paul John ⁽¹⁾ ;

Affiliation(s) du ou des auteurs / Author(s) Affiliation(s)

⁽¹⁾ Department of Information Systems, W. P. Carey School of Business, Arizona State University, Box 4606, Tempe, AZ 85287-4606, ETATS-UNIS

Résumé / Abstract

In developing password policies, IT managers must strike a balance between security and memorability. Rules that improve structural integrity against attacks may also result in passwords that are difficult to remember. Recent technologies have relaxed the 8-character password constraint to permit the creation of longer pass-"phrases" consisting of multiple words. Longer passphrases are attractive because they can improve security by increasing the difficulty of brute-force attacks and they might also be easy to remember. Yet, no empirical evidence concerning the actual usability of passphrases exists. This paper presents the results of a 12-week experiment that examines users' experience and satisfaction with passphrases. Results indicate that passphrase users experienced a rate of unsuccessful logins due to memory recall failure similar to that of users of self-generated simple passwords and stringent passwords. However, passphrase users had more failed login attempts due to typographical errors than did users of either simple or highly secure passwords. Moreover, although the typographical errors disappeared over time, passphrase users' initial problems negatively affected their end-of-experiment perceptions.

Revue / Journal Title

International journal of human-computer studies   ISSN 1071-5819 

Source / Source

Congrès
Information security in the knowledge economy. Symposium, Phoenix, AZ , ETATS-UNIS (07/09/2005)
2007, vol. 65, n^o 1 (93 p.)  [Document : 12 p.] (39 ref.), pp. 17-28 [12 page(s) (article)]

Langue / Language

Anglais

Editeur / Publisher

Elsevier, London, ROYAUME-UNI  (1994) (Revue)

Mots-clés anglais / English Keywords

Empirical method ; Satisfaction ; Password ; Access control ; Usability ; Integrity ; Computer security ; Authentication ; Distributed system ; User interface ;

Mots-clés français / French Keywords

Méthode empirique ; Satisfaction ; Mot de passe ; Contrôle accès ; Utilisabilité ; Intégrité ; Sécurité informatique ; Authentification ; Système réparti ; Interface utilisateur ;

Mots-clés espagnols / Spanish Keywords

Método empírico ; Satisfacción ; Contraseña ; Usabilidad ; Integridad ; Seguridad informatica ; Autenticación ; Sistema repartido ; Interfase usuario ;

Mots-clés d'auteur / Author Keywords

Passwords ; Passphrases ; Authentication ; Security: Memory ; Usability ;

Localisation / Location

INIST-CNRS, Cote INIST : 14299, 35400014315601.0020