s10207-019-00429-y.pdf (3.12 MB)
Encouraging users to improve password security and memorability
Version 2 2023-06-13, 15:16
Version 1 2023-06-09, 17:22
journal contribution
posted on 2023-06-13, 15:16 authored by M Yildirim, Ian Mackie
Security issues in text-based password authentication are rarely caused by technical issues, but rather by the limitations of human memory, and human perceptions together with their consequential responses. This study introduces a new user-friendly guideline approach to password creation, including persuasive messages that motivate and influence users to select more secure and memorable text passwords without overburdening their memory. From a broad understanding of human factors-caused security problems, we offer a reliable solution by encouraging users to create their own formula to compose passwords. A study has been conducted to evaluate the efficiency of the proposed password guidelines. Its results suggest that the password creation methods and persuasive message provided to users convinced them to create cryptographically strong and memorable passwords. Participants were divided into two groups in the study. The participants in the experimental group who were given several password creation methods along with a persuasive message created more secure and memorable passwords than the participants in the control group who were asked to comply with the usual strict password creation rules. The study also suggests that our password creation methods are much more efficient than strict password policy rules. The security and usability evaluation of the proposed password guideline showed that simple improvements such as adding persuasive text to the usual password guidelines consisting of several password restriction rules make significant changes to the strength and memorability of passwords. The proposed password guidelines are a low-cost solution to the problem of improving the security and usability of text-based passwords.
History
Publication status
- Published
File Version
- Published version
Journal
- International Journal of Information Security
ISSN
- 1615-5262
Publisher
- Springer Verlag
External DOI
Department affiliated with
- Informatics Publications
Research groups affiliated with
- Foundations of Software Systems Publications
Full text available
- Yes
Peer reviewed?
- Yes
Legacy Posted Date
- 2019-03-26
First Open Access (FOA) Date
- 2019-06-03
First Compliant Deposit (FCD) Date
- 2019-03-25