Improving password security and memorability to protect personal and organizational information

International Journal of Human Computer Studies

Volumn 65, Issue 8, 2007, Pages 744-757

  Vu, Kim Phuong L ^a   Proctor, Robert W ^b   Bhargav Spantzel, Abhilasha ^b   Eugene Schultz, E ^c  

^a CALIFORNIA STATE UNIVERSITY   (United States)

^b Belin)   (United States)

^c High Tower Software ^*  (United States)

Author keywords

Authentication; Information security; Passwords

Indexed keywords

ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; SECURITY OF DATA; USER INTERFACES;

LOGIN TIME; PASSWORDS; PERSONAL INFORMATION; SECURE PASSWORDS;

AUTHENTICATION;

EID: 34249733184     PISSN: 10715819     EISSN: 10959300     Source Type: Journal    
DOI: 10.1016/j.ijhcs.2007.03.007     Document Type: Article

References (37)

1. Ackerman M.S., and Mainwaring S.D. Privacy issues and human-computer interaction. In: Cranor L.F., and Garfinkel S. (Eds). Security and Usability (2005), O'Reilly, Sebastopol, CA 381-399
2. Bergadano F., Crispo B., and Ruffo G. High dictionary compression for proactive password checking. ACM Transactions on Information and System Security 1 (1998) 3-25
3. Bidgoli H. Preface. In: Bidgoli H. (Ed). The Internet Encyclopedia vol. 1 (2004), Wiley, Hoboken, NJ XXIII-XXV
4. Bidgoli, H. (Ed.), 2006. Handbook of Information Security. Wiley, Hoboken, NJ.
5. Bishop M., and Klein D.V. Improving system security via proactive password checking. Computers and Security 14 (1995) 233-249
6. Blackwell A., Anderson R., and Grant A. Password memorability and security: empirical results. IEEE Security and Privacy (2004) 25-31
7. Brewer W. Memory for the pragmatic implications of sentences. Memory and Cognition 5 (1977) 673-678
8. Bunting M. Proactive interference and item similarity in working memory. Journal of Experimental Psychology: Learning, Memory, and Cognition 32 (2006) 183-196
9. Craik F.I.M., and Lockhart R.S. Levels of processing: a framework for memory research. Journal of Verbal Learning and Verbal Behavior 11 (1972) 671-684
10. Craik F.I.M., and Tulving E. Depth of processing and the retention of words in episodic memory. Journal of Experimental Psychology: General 104 (1975) 269-294
11. De Luis-Garcia R., Alberola-Lopez C., Aghzout O., and Ruiz-Alzola J. Biometric identification systems. Signal Processing 83 (2003) 2539-2557
12. de Winstanley P.A., and Bjork E.L. Processing strategies and the generation effect: implications for making a better reader. Memory & Cognition 32 (2004) 945-955
13. Gehringer E.F. Choosing passwords: security and human factors. Proceedings of IEEE 2002 (2002) 369-373
14. Halderman J.A., Waters B., and Felten E.W. Security through the eyes of users: a convenient method for securely managing passwords. In: Proceedings of the 14th International Conference on World Wide Web (2005), ACM Press, New York
15. Hilton, R., 2006. Password change policies. Retrieved from 〈http://blog.air0day.com/2006/04/27/password-change-policies/〉 . Downloaded on May 23, 2006.
16. Ives B., Walsh K.R., and Schneider H. The domino effect of password reuse. Communications of the ACM 47 (2004) 75-78
17. Jacoby L.L., and Craik F.I.M. Effects of elaboration of processing at encoding and retrieval: trace distinctiveness and recovery of initial context. In: Cermak L.S., and Craik F.I.M. (Eds). Levels of Processing in Human Memory (1979), Lawrence Erlbaum Associates, Hillsdale, NJ 1-21
18. Klein D. Foiling the cracker: a survey of, and improvements to, password security. Proceedings of the Second USENIX Security Workshop (1990) 5-14
19. Leyden, J., 2003. Office workers give away passwords for a cheap pen. The Register. Available on-line at 〈http://www.theregister.co.uk/2003/04/18/office_workers_give_away_p asswords/〉. Downloaded May 21, 2006.
20. Neath I. Human Memory: An Introduction to Research, Data, and Theory (1998), Brooks/Cole, Pacific Grove, CA
21. Parkin A.J. Levels of processing, context, and facilitation of pronunciation. Acta Psychologia 55 (1984) 19-29
22. Pinkas B., and Sander T. Securing passwords against dictionary attacks. In: Proceedings of the Ninth ACM Conference on Computer and Communications Security (2002), ACM, Washington, DC pp. 161-170
23. Posey, B.M., 2003. Recover lost passwords with these tricks and tools. Available online at 〈http://articles.techrepublic.com.com/5100-6329-5078287.html〉. Retrieved on December 10, 2006.
24. Proctor R.W., Lien M.C., Vu K.-P.L., Schultz E.E., and Salvendy G. Improving computer security for authentication of users: influence of proactive password restrictions. Behavior Research Methods, Instruments, & Computers 34 (2002) 163-169
25. Rainbow Technologies, 2003. Password survey results (June 2003). Retrieved November 14, 2005, from 〈http://mktg.rainbow.com/mk/get/pwsurvey03〉.
26. Richardson J.T.E. Dual coding versus relational processing in memory for concrete and abstract words. European Journal of Cognitive Psychology 15 (2003) 481-509
27. Riddle B.L., Miron M.S., and Semo J.A. Passwords in use in a university timesharing environment. Computers and Security 8 (1989) 569-579
28. Roediger Jr. H.L., and Karpicke J. The power of testing memory: basic research and implications for educational practice. Perspectives on Psychological Science 1 (2006) 181-210
29. RSA Security, 2005. RSA security survey reveals multiple passwords creating security risks and end user frustration. Available on-line at 〈WWW.rsasecurity.com〉. Downloaded on May 7, 2006.
30. SafeNet, 2005. 2004 annual password survey results. Available on-line at 〈www.safenet-inc.com〉. Downloaded on May 21, 2006.
31. Sasse M.A., Brostoff S., and Weirich D. Transforming the 'weakest link'-a human/computer interaction approach to usable and effective security. BT Technology Journal 19 (2001) 122-131
32. Schultz E.E., Proctor R.W., Lien M.-C., and Salvendy G. Usability and security: an appraisal of usability issues in information security methods. Computers & Security 20 (2001) 620-634
33. Schultz E.E. Web security and privacy. In: Proctor R.W., and Vu K.-P.L. (Eds). Handbook of Human Factors in Web Design (2005), Lawrence Erlbaum Associates, Mahwah, NJ 613-625
34. Slamecka N.J., and Graf P. The generation effect: delineation of a phenomenon. Journal of Experimental Psychology: Human Learning and Memory 4 (1978) 592-604
35. Tari, F., Ozok, A.A., Holden, S.H., 2006. Password management, mnemonics, and mother's maiden names: a comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of the Second Symposium on Usable Privacy and Security SOUPS '06. ACM Press, New York.
36. Viega J. Solutions to many of our security problems already exist, so why are we still so vulnerable?. Queue (2005) 41-50
37. Wiedenbeck F., Waters J., Birget J.-C., Brodskiy A., and Memon N. PassPoints: design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63 (2005) 102-127