Litcius/Paper detail

An Empirical Analysis on the Usability and Security of Passwords

Kanwardeep Singh Walia, Shweta Shenoy, Yuan Cheng

202017 citationsDOI

Abstract

Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the usergenerated passwords are secure. Moreover, we convert the usergenerated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.

Topics & Concepts

PasswordUsabilityComputer sciencePassword policyCognitive passwordComputer securityInternet privacyWorld Wide WebHuman–computer interactionOne-time passwordUser Authentication and Security SystemsAdvanced Malware Detection TechniquesInnovative Human-Technology Interaction
An Empirical Analysis on the Usability and Security of Passwords | Litcius