Cognitive passwords: the key for effective access control
Hulsey, John Douglas
Haga, William J.
MetadataShow full item record
Passwords are a commonly used method of access control for computer systems. Traditional passwords have been found to be inadequate. Passwords are generated from two sources: users and computer systems. User-selected passwords are easy to remember, but they might be easily guessed and therefore yield a lower degree of security. System-generated passwords usually offer a higher degree of security, but they are hard to remember and therefore meet with high user resistance. Because of this user resistance, password systems are either circumvented or not used. A solution to this tradeoff between memorability and security is a security mechanism that is easily remembered, user friendly, hard to guess and yields a high degree of security. Cognitive passwords offer these advantages. They are based on a series of predetermined questions with answers known normally only by a specific user. Research into the underlying theory, types of applicable questions and implementation of a prototype system is conducted.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Sawyer, Darren Antwon (Monterey, California: Naval Postgraduate School, 1990-03);The most widely used mechanism for access control to information systems is passwords. Passwords can be machine-generated using a list of words stored in a memory bank, machine-generated using a sophisticated algorithm to ...
Magno, Marianna B. (Monterey, California. Naval Postgraduate School, 1996-09);The use of a password as the only traditional user authentication mechanism has been criticized for its weakness in computer security. One problem is for the user to select short, easy to remember passwords. Another problem ...
Zviran, Moshe; Haga, William James (Monterey, California. Naval Postgraduate School, 1990-06); NPS-54-90-014Various mechanisms for authenticating users of computer-based information systems have been proposed. These include traditional, user-selected passwords, system-generated passwords, passphrases, cognitive passwords and ...