Title
The usability of passphrases for authentication: An empirical field study
Abstract
In developing password policies, IT managers must strike a balance between security and memorability. Rules that improve structural integrity against attacks may also result in passwords that are difficult to remember. Recent technologies have relaxed the 8-character password constraint to permit the creation of longer pass-''phrases'' consisting of multiple words. Longer passphrases are attractive because they can improve security by increasing the difficulty of brute-force attacks and they might also be easy to remember. Yet, no empirical evidence concerning the actual usability of passphrases exists. This paper presents the results of a 12-week experiment that examines users' experience and satisfaction with passphrases. Results indicate that passphrase users experienced a rate of unsuccessful logins due to memory recall failure similar to that of users of self-generated simple passwords and stringent passwords. However, passphrase users had more failed login attempts due to typographical errors than did users of either simple or highly secure passwords. Moreover, although the typographical errors disappeared over time, passphrase users' initial problems negatively affected their end-of-experiment perceptions.
Year
DOI
Venue
2007
10.1016/j.ijhcs.2006.08.005
International Journal of Man-Machine Studies
Keywords
Field
DocType
12-week experiment,typographical error,empirical field study,secure password,stringent password,password policy,self-generated simple password,8-character password constraint,it manager,passphrase user,longer passphrases,it management,security,passwords,usability,authentication,empirical evidence,negative affect,user experience,passphrases,field study,memory
Internet privacy,Authentication,Computer science,Computer security,Usability,Login,Password policy,Access control,Password,Passphrase,Typographical error
Journal
Volume
Issue
ISSN
65
1
1071-5819
Citations 
PageRank 
References 
44
2.16
19
Authors
3
Name
Order
Citations
PageRank
mark j keith19310.04
Benjamin Shao2816.91
Paul John Steinbart312513.17