Password Policy Effects on Entropy and Recall: Research in Progress
Abstract
Passwords are commonly used for authentication. System architects generally put in place password policies that define the required length of a password, the complexity requirements of the password, and the expiration (if any) of the password. Password policies are designed with the intent of helping users choose secure passwords and, in the case of password expiration, limiting the potential damage of a compromised password. However, password policies can have unintended consequences that could potentially undermine their security aims. Based on the theory of cognitive load, it is hypothesized that password policy elements increase extraneous load, which can result in high-entropy passwords, but to the detriment of recall. It is further hypothesized that certain password policy elements can still help increase entropy while minimizing the negative impact on recall. An experiment to test the hypotheses and determine a password policy that is both secure and user-friendly is put forward.