Improving Password Memorability and Strength Using Mangling rules

Paste the appropriate copyright statement here. ACM now supports three different copyright statements: • ACM copyright: ACM holds the copyright on the work. This is the historical approach. • License: The author(s) retain copyright, but ACM receives an exclusive publication license. • Open Access: The author(s) wish to pay for the work to be open access. The additional fee must be paid to ACM. This text field is large enough to hold the appropriate release statement assuming it is single spaced in a sans-serif 7 point font. Every submission will be assigned their own unique DOI string to be included here. Abstract UPDATED—June 8, 2016. Recently, to support users in choosing more secure passwords, websites are providing password strength meters and/or require user passwords to conform to a composition policy. However, there are inconsistent strength outcomes for the same password in different password meters that may confuse users in creating a stronger password. Also, policies may miss their goal, since users create predictable ("weak") passwords under those policies. To help users to create complex passwords, we are proposing a password generator mechanism that is based on mangling rules. The goal of using the mangling rules is to increase the security of the proposed passwords without sacrificing the memorability. We are planning an online user study on Amazon MTurk to evaluate memorability and users’ preferences of our approach.