Human selection of mnemonic phrase-based passwords

ACM International Conference Proceeding Series

Volumn 149, Issue , 2006, Pages 67-78

  Kuo, Cynthia ^a   Romanosky, Sasha ^a   Cranor, Lorrie Faith ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Mnemonic phrases; Password cracking; Password selection; User studies

Indexed keywords

MNEMONIC PHRASES; PASSWORD CRACKING; PASSWORD SELECTION; USER STUDIES;

DATA ACQUISITION; DIGITAL LIBRARIES; HUMAN COMPUTER INTERACTION; INTERNET; USER INTERFACES;

SECURITY OF DATA;

EID: 34250767745     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1143120.1143129     Document Type: Conference Paper

References (37)

1. Adams, A., and Sasse, M.A., 1999. Users are not the enemy: why users compromise security mechanisms and how to take remedial measures. Communications of the ACM 42 (12), 40-46.
2. Australian Computer Emergency Response Team (AusCERT). Choosing good passwords. AusCERT Reference # GoodPasswords, February 1, 2001. http://www.auscert.org.au/render.html?it=2260 (accessed March 2006).
3. Brostoff, S. Performance of Authentication Mechanisms. PhD Thesis, Chapter 4. http://www.cs.ucl.ac.uk/staff/s.brostoff/thesis/sachas_thesis_ch04. pdf (accessed May 2006).
4. Brostoff, S., and Sasse M. A. Ten strikes and you're out: Increasing the number of login attempts can improve password usability. CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Ft. Lauderdale, Florida.
5. The Classic TV Database. Classic TV Theme Songs - Theme Song Lyrics. http://www.classic-tv.com/themesongs/lyrics.asp (accessed July 2004).
6. Curry, D.A. Selecting Good Passwords. Excerpts from Improving the Security of Your UNIX System. http://www.alw.nih.gov/Security/Docs/passwd.html (accessed March 2006).
7. Debian Package: GPW, http://www.mnis.fr/deb30/utils/gpw.html (accessed May 2006).
8. Fact-index.com. List of Advertising Slogans. http://www.fact-index.com/l/ li/list_of_advertising_slogans.html (accessed July 2004).
9. Federal Information Processing Standards Publication 181, Standard for Automated Password Generator. National Institute of Standards and Technology, October 5, 1993. http://www.itl.nist.gov/fipspubs/fip181.htm (accessed February 2006).
10. Ganesan, R. and Davies, C. A New Attack on Random Pronounceable Password Generators. Proceedings of the 17th {NIST}-{NCSC} National Computer Security Conference, 1994.
11. Gasser, M. A Random Word Generator for Pronounceable Passwords. Technical Report ESD-TR-75-97, Electronic Systems Division, Hanscom Air Force Base, 1975.
12. Google Accounts. "Edit Password." https://www.google.com/ accounts/EditPasswd (accessed May 2006).
13. The Google API, http://www.google.com/apis/ (accessed February 2006).
14. John the Ripper, http://www.openwall.com/john/ (accessed February 2006).
15. Johnson, B.B. The Movie Quotes Site. http://www.moviequotes.com/ repository.cgi (accessed July 2004).
16. Jeyaraman. S., and Topkara, U. Have the cake and eat it too-Infusing usability into text-password based authentication systems. CERIAS and Department of Computer Sciences, Purdue University, 2005.
17. Klein, D. V., Foiling the Cracker; A Survey of, and Improvements to Unix Password Security", (revised paper with new data) Proceedings of the 14th DoE Computer Security Group, May 1991.
18. Kotadia, M. Microsoft Security Guru: Jot Down Your Passwords. CNET News.com, May 23, 2005. http://news.com.com/ Microsoft+security+guru+Jot+down+your+passwords/2100-7355_3-5716590.html (accessed March 2006).
19. Mac OS X Password Assistant. "Passwords: Safety in Numbers." http://www.apple.com/macosx/tips/password13.html (accessed May 2006).
20. Microsoft Corporation. Strong Passwords - How to Create and Use Them. Security At Home, Personal Information, November 30, 2005. http://www.microsoft. com/athome/security/privacy/password.mspx (accessed March 2006).
21. Moncur, M. The Quotations Page. http://www.quotationspage.com/quotes/ (accessed July 2004).
22. Mozilla Corporation, http://www.mozilla.com.
23. Password Cracking Wordlist, http://www.openwall.com/wordlists/ (accessed February 2006).
24. Password Safe, http://passwordsafe.sourceforge.net/ (accessed February 2006).
25. Quoteland.com. Quoteland.com...all the right words! http://www.quoteland. com/author.asp (accessed July 2004).
26. Rhymes.org.uk. Nursery Rhymes - Lyrics and Origins! http://www.rhymes. org.uk/ (accessed July 2004).
27. Richards, J.I. Research. University of Texas at Austin, Department of Advertising, February 10, 1997. http://advertising.utexas.edu/research/slogans/ index.asp (accessed July 2004).
28. Sasse, M. A., Brostoff, S., and Weirich, D. Transforming the weakest link: a human-computer interaction approach to usable and effective security. BT Technology Journal, Vol 19(3), 2001, pp. 122-131.
29. Spector, Y., and Ginzberg, J. Pass-sentence - a new approach to computer code. Computers & Security, Vol 13, 1994, pp. 145-160.
30. The Song Lyrics. Song Lyrics. http://www.thesonglyrics.com/ (accessed July 2004).
31. United States Coast Guard, http://www.uscg.mil/HQ/PSC/cghrms/ using_peoplesoft/how_to_change_your_password.htm (accessed February 2006).
32. University of Chicago, Networking Services and Information Technologies. "Choosing Good Passwords," 2002. http://security.uchicago.edu/docs/ userpassword.shtml (accessed March 2006).
33. University of Colorado, Department of Computer Science. "Password Policy," November 2004. http://www.cs.colorado.edu/~lizb/internal/password- policy.html (accessed February 2006).
34. University of New Orleans, Department of Computer Science. How Do I Create A Secure Password? Reprint of article in ;login 21, no. 3 (1996). http://www.cs.uno.edu/Resources/FAQ/faq4.html (accessed February 2006).
35. Van Vleck, T. "Java Password Generator," July 31, 1997. http://www.multicians.org/thw/gpw.html (accessed May 2006).
36. Yan. J., Blackwell A., Anderson, A., and Grant A. The Memorability and Security of Passwords - Some Empirical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge, 2000.
37. Zviran. M., and Haga, W.J. Cognitive Passwords: The Key to Easy Access Control. Computers & Security, Vol 9, 1990, pp. 723-736.