The University of Southampton
University of Southampton Institutional Repository

The memorability and security of passwords


Yan, Jeff, Blackwell, Alan, Anderson, Ross and Grant, Alasdair (2000) The memorability and security of passwords. In, Security and Usability: Designing Secure Systems That People Can Use. (Security and Usability: Designing Secure Systems That People Can Use) p. 714.

Record type: Book Section

Abstract

There are many things that are 'well known' about passwords, such as that users can't remember strong passwords and that the passwords they can remember are easy to guess. However, there seems to be a distinct lack of research on the subject that would pass muster by the standards of applied psychology. Here we report a controlled trial in which, of four sample groups of about 100 first-year students, three were recruited to a formal experiment and of these two were given specific advice about password selection. The incidence of weak passwords was determined by cracking the password file, and the number of password resets was measured from system logs. We observed a number of phenomena which run counter to the established wisdom. For example, passwords based on mnemonic phrases are just as hard to crack as random passwords yet just as easy to remember as naive user selections.

This record has no associated files available for download.

More information

Published date: 2000

Identifiers

Local EPrints ID: 500759
URI: http://eprints.soton.ac.uk/id/eprint/500759
PURE UUID: ba8b2a7f-5bbc-4b6b-b411-dc25309f1cca

Catalogue record

Date deposited: 12 May 2025 16:57
Last modified: 12 May 2025 16:57

Contributors

Author: Jeff Yan
Author: Alan Blackwell
Author: Ross Anderson
Author: Alasdair Grant
