Title | An Empirical Analysis on the Usability and Security of Passwords |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Walia, K. S., Shenoy, S., Cheng, Y. |
Conference Name | 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science (IRI) |
Date Published | aug |
Keywords | authentication, authorisation, compositionality, empirical analysis, Entropy, Guidelines, Information Reuse and Security, message authentication, NIST, password, password creation strategies, password security, password-based authentication systems, passwords, phonemes, pubcrawl, Resiliency, security, security experts, usability |
Abstract | Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize - an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the user-generated passwords are secure. Moreover, we convert the user-generated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability. |
DOI | 10.1109/IRI49571.2020.00009 |
Citation Key | walia_empirical_2020 |