The Characteristics of User-Generated Passwords
Abstract
The most widely used mechanism for access control to information systems is passwords. Passwords can be machine-generated using a list of words stored in a memory bank, machine-generated using a sophisticated algorithm to create a pseudo-random combination of characters or they can be user-generated. User-generated passwords typically take on the characteristics of some type of meaningful detail that is simple in structure and easy to remember. Memorability and security pose a difficult trade-off in password generation. A system security administrator wants passwords that are unpredictable, frequently changed and provide the greatest degree of system security achievable while users want passwords that are simple and easy to remember. When they become difficult to remember they are likely to be written down. Once written down a compromise to security occurs because users tend to store them in insecure places. This thesis looks at user-generated password characteristics. Of particular interest is how password selection, memorability and predictability are affected by the number of characters in a password, the importance and sensitivity of a user's data, a user's work location, how a password was chosen, the frequency of changing a password and the frequency of logging on to a system with a password. Theses.
Document Details
- Document Type
- Technical Report
- Publication Date
- Mar 01, 1990
- Accession Number
- ADA225390
Entities
People
- Darren A. Sawyer
Organizations
- Naval Postgraduate School