This dissertation explored the effects of various types of assistance on the generation, recall, and input of robust passwords containing at least twenty characters. Passwords are desirable memometric authentication secrets for many reasons, but their continued effectiveness depends on increasing their resistance to emerging attacks. Resistance to attacks is increasingly a function of length. Although previous password research revealed widespread use of short, weak passwords and conventional wisdom considers users incapable of reliably generating, recalling, and accurately inputting strong passwords, this study investigated ways to assist users in meeting the specific challenges of robust password management. Interventions in the password-generation stage of this study introduced participants to five password generation schemes, supplied various numbers of example passwords, and required reentry of passwords immediately after generation to explore possible benefits on subsequent authentication performance. Key findings of this research were that: • Twenty-character passwords can be as strong as their corresponding 128-bit hashes; • Acrostic password-generation schemes produced strong passwords; • Confessional and Unexpected Nonsense schemes produced memorable passwords; • Supplying example passwords led to stronger passwords; • All participants easily generated 20-character passwords and most experienced few problems in the vague recall of them; • 30% of participants generated and used very strong passwords without failure for seven weeks; • The input of the precise formulation of robust passwords was the greatest single cause of authentication failure; • Exposure to 5 or 10 additional password examples during the generation stage did not improve subsequent password performance; • Reentry of passwords four times during the generation stage did not improve subsequent password performance; • Although education and training are beneficial, the actual study treatments were not universally effective; and viii • The population of password users and the reasons for password failure are complex, and users who experience difficulties require additional attention and resources on a contingency basis. / A Dissertation submitted to the College of Information in partial fulfillment of the requirements for the degree of Doctor of Philosophy. / Summer Semester, 2007. / May 21, 2007. / usability, memometrics, authentication, information security, security, password / Includes bibliographical references. / Charles R. McClure, Professor Directing Dissertation; Michael Burmester, Outside Committee Member; John Carlo Bertot, Committee Member; Gary Burnett, Committee Member.
Identifer | oai:union.ndltd.org:fsu.edu/oai:fsu.digital.flvc.org:fsu_182304 |
Contributors | Henry, Peter Thomas, 1954- (authoraut), McClure, Charles R. (professor directing dissertation), Burmester, Michael (outside committee member), Bertot, John Carlo (committee member), Burnett, Gary (committee member), School of Library and Information Studies (degree granting department), Florida State University (degree granting institution) |
Publisher | Florida State University, Florida State University |
Source Sets | Florida State University |
Language | English, English |
Detected Language | English |
Type | Text, text |
Format | 1 online resource, computer, application/pdf |
Rights | This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). The copyright in theses and dissertations completed at Florida State University is held by the students who author them. |
Page generated in 0.002 seconds