The characteristics of user-generated passwords
Sawyer, Darren Antwon
Haga, William J.
MetadataShow full item record
The most widely used mechanism for access control to information systems is passwords. Passwords can be machine-generated using a list of words stored in a memory bank, machine-generated using a sophisticated algorithm to create a pseudo-random combination of characters or they can be user-generated. User-generated passwords typically take on the characteristics of some type of meaningful detail that is simple in structure and easy to remember. Memorability and security pose a difficult trade-off in password generation. A system security administrator wants passwords that are unpredictable, frequently changed and provide the greatest degree of system security achievable while users want passwords that are simple and easy to remember. When they become difficult to remember they are likely to be written down. Once written down a compromise to security occurs because users tend to store them in insecure places. This thesis looks at user-generated password characteristics. Of particular interest is how password selection, memorability and predictability are affected by the number of characters in a password, the importance and sensitivity of a user's data, a user's work location, how a password was chosen, the frequency of changing a password and the frequency of logging on to a system with a password.
Approved for public release; distribution is unlimited.
Showing items related by title, author, creator and subject.
Hulsey, John Douglas (Monterey, California. Naval Postgraduate School, 1989-09);Passwords are a commonly used method of access control for computer systems. Traditional passwords have been found to be inadequate. Passwords are generated from two sources: users and computer systems. User-selected ...
Zviran, Moshe; Haga, William James (Monterey, California. Naval Postgraduate School, 1990-06); NPS-54-90-014Various mechanisms for authenticating users of computer-based information systems have been proposed. These include traditional, user-selected passwords, system-generated passwords, passphrases, cognitive passwords and ...
Magno, Marianna B. (Monterey, California. Naval Postgraduate School, 1996-09);The use of a password as the only traditional user authentication mechanism has been criticized for its weakness in computer security. One problem is for the user to select short, easy to remember passwords. Another problem ...