University of Sussex
s10207-019-00429-y.pdf (3.12 MB)

Encouraging users to improve password security and memorability

Version 2 2023-06-13, 15:16
Version 1 2023-06-09, 17:22
journal contribution
posted on 2023-06-13, 15:16 authored by M Yildirim, Ian Mackie
Security issues in text-based password authentication are rarely caused by technical issues, but rather by the limitations of human memory, and human perceptions together with their consequential responses. This study introduces a new user-friendly guideline approach to password creation, including persuasive messages that motivate and influence users to select more secure and memorable text passwords without overburdening their memory. From a broad understanding of human factors-caused security problems, we offer a reliable solution by encouraging users to create their own formula to compose passwords. A study has been conducted to evaluate the efficiency of the proposed password guidelines. Its results suggest that the password creation methods and persuasive message provided to users convinced them to create cryptographically strong and memorable passwords. Participants were divided into two groups in the study. The participants in the experimental group who were given several password creation methods along with a persuasive message created more secure and memorable passwords than the participants in the control group who were asked to comply with the usual strict password creation rules. The study also suggests that our password creation methods are much more efficient than strict password policy rules. The security and usability evaluation of the proposed password guideline showed that simple improvements such as adding persuasive text to the usual password guidelines consisting of several password restriction rules make significant changes to the strength and memorability of passwords. The proposed password guidelines are a low-cost solution to the problem of improving the security and usability of text-based passwords.

History

Publication status

  • Published

File Version

  • Published version

Journal

International Journal of Information Security

ISSN

1615-5262

Publisher

Springer Verlag

Department affiliated with

  • Informatics Publications

Research groups affiliated with

  • Foundations of Software Systems Publications

Full text available

  • Yes

Peer reviewed?

  • Yes

Legacy Posted Date

2019-03-26

First Open Access (FOA) Date

2019-06-03

First Compliant Deposit (FCD) Date

2019-03-25
