Encouraging users to improve password security and memorability

Yildirim, M and Mackie, I (2019) Encouraging users to improve password security and memorability. International Journal of Information Security. ISSN 1615-5262

PDF - Published Version
Available under License Creative Commons Attribution.

PDF - Accepted Version
Restricted to SRO admin only until 11 April 2020.


Abstract

Security issues in text-based password authentication are rarely caused by technical issues, but rather by the limitations of human memory, and human perceptions together with their consequential responses. This study introduces a new user-friendly guideline approach to password creation, including persuasive messages that motivate and influence users to select more secure and memorable text passwords without overburdening their memory. From a broad understanding of human factors-caused security problems, we offer a reliable solution by encouraging users to create their own formula to compose passwords. A study has been conducted to evaluate the efficiency of the proposed password guidelines. Its results suggest that the password creation methods and persuasive message provided to users convinced them to create cryptographically strong and memorable passwords. Participants were divided into two groups in the study. The participants in the experimental group who were given several password creation methods along with a persuasive message created more secure and memorable passwords than the participants in the control group who were asked to comply with the usual strict password creation rules. The study also suggests that our password creation methods are much more efficient than strict password policy rules. The security and usability evaluation of the proposed password guideline showed that simple improvements such as adding persuasive text to the usual password guidelines consisting of several password restriction rules make significant changes to the strength and memorability of passwords. The proposed password guidelines are a low-cost solution to the problem of improving the security and usability of text-based passwords.

Item Type: Article
Schools and Departments: School of Engineering and Informatics > Informatics
Research Centres and Groups: Foundations of Software Systems
Depositing User: Ian Mackie
Date Deposited: 26 Mar 2019 11:12
Last Modified: 01 Jul 2019 11:31
URI: http://sro.sussex.ac.uk/id/eprint/82802
