Improving text passwords through persuasion

SOUPS 2008 - Proceedings of the 4th Symposium on Usable Privacy and Security

Volumn , Issue , 2008, Pages 1-12

  Forget, Alain ^a   Chiasson, Sonia ^a   Van Oorschot, P C ^a   Biddle, Robert ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

Authentication; Passwords; Persuasive technology; Usable security

Indexed keywords

MEMORY LOADS; OPEN PROBLEMS; PASSWORD SECURITIES; PASSWORD STRENGTHS; PASSWORDS; PERSUASIVE TECHNOLOGY; RANDOM CHARACTERS; RANDOM POSITIONS; RESTRICTION POLICIES; TEXT PASSWORDS; USABLE SECURITY; USER STUDIES;

AUTHENTICATION;

EID: 65449177711     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1408664.1408666     Document Type: Conference Paper

References (29)

1. Adams, A. and Sasse, M.A. Users Are Not The Enemy. Communications of the ACM 42, 12 (1999), 41-46.
2. Bartavelle. Patches for John the Ripper. Accessed February 2008, http://www.banquise.net/misc/patch-john.html
3. Burr, W.E., Dodson, D.F., and Polk, W.T. Electronic Authentication Guideline. NIST Special Publication 800-63, Version 1, 2004.
4. Chiasson, S., Forget, A., Biddle, R., and van Oorschot, P.C. Influencing Users Towards Better Passwords: Persuasive Cued Click-Points. British Computer Society HCI 2008.
5. Chiasson, S., van Oorschot, P.C., and Biddle, R. A Usability Study and Critique of Two Password Managers. USENIX Security Symposium 2006, 1-16.
6. Designer, S. John the Ripper password cracker. Accessed February 2008, http://www.openwall.com/john/
7. Florencio, D., Herley, C., and Coskun, B. Do Strong Passwords Accomplish Anything? USENIX Workshop on Hot Topics in Security 2007.
8. Florencio, D. and Herley, C. A Large-Scale Study of Web Password Habits. WWW 2007, ACM Press, 657-666.
9. Fogg, B.J. Persuasive Technology: Using Computers to Change What We Think and Do. Morgan Kaufmann, San Francisco, USA, 2003.
10. Forget, A., Chiasson, S., van Oorschot, P.C., and Biddle, R. Persuasion for Stronger Passwords. Persuasive Technology 2008, Springer-Verlag.
11. Forget, A., Chiasson, S., and Biddle, R. Persuasion as Education for Computer Security. AACE E-Learn 2007, 822-829.
12. Furnell, S. An assessment of website password practices. Computers & Security 26, 7-8 (2007), 445-451.
13. Halderman, J.A., Waters, B., and Felten, E.W. A Convenient Method for Securely Managing Passwords. ACM WWW 2005, 471-479.
14. Jeyaraman, S. and Topkara, U. Have the cake and eat it too - Infusing usability into text-password based authentication systems. IEEE ACSAC 2005, 473-482.
15. Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., and Rubin, A.D. The Design and Analysis of Graphical Passwords. USENIX Security Symposium 1999.
16. Kuo, C., Romanosky, S., and Cranor, L.F. Human Selection of Mnemonic Phrase-based Passwords. ACM SOUPS 2006, 67-78.
17. Leonhard, M.D. and Venkatakrishnan, V.N. A Comparative Study of Three Random Password Generators. IEEE EIT 2007, 227-232.
18. Peterson, L.R. and Peterson, M.J. Short-term retention of individual verbal items. Experimental Psychology 58, 3 (1959), 193-198.
19. Pond, R., Podd, J., Bunnell, J., and Henderson, R. Word Association Computer Passwords: The Effect of Formulation Techniques on Recall and Guessing Rates. Computers & Security 19, 7 (2000), 645-656.
20. Proctor, R.W., Lien, M.-C., Vu, K.-P.L. Improving computer security for authentication of users: Influence of proactive password restrictions. Behavior Research Methods, Instruments, & Computers 32, 2 (2002), 163-169.
21. Ramsbrock, D., Berthier, R., and Cukier, M. Profiling Attacker Behaviour Following SSH Compromises. IEEE International Conference on Dependable Systems and Networks 2007.
22. Ross, B., Jackson, C., Miyake, N., Boneh, D., and Mitchell, J.C. Stronger Password Authentication Using Browser Extensions. USENIX Security Symposium 2005, 17-31.
23. Shannon, C.E. Prediction and Entropy of Printed English. Bell System Technical Journal 30, 1 (1951), 50-64.
24. St. Clair, L., Johansen, L., Enck, W., Pirretti, M., Traynor, P., McDaniel, P., and Jaeger, T. Password Exhaustion: Predicting the End of Password Usefulness. ICISS 2006, Springer-Verlag, 37-55.
25. Seifert, C. Analyzing Malicious SSH Login Attempts. Security Focus Infocus article, September 2006. http://www.securityfocus.com/infocus/1876, accessed May 2008.
26. Thames, J.L., Abler, R., and Keeling, D. A Distributed Active Response Architecture for Preventing SSH Dictionary Attacks. IEEE Southeastcon 2008, 84-89.
27. Vu, K.-P.L., Proctor, R.W., Bhargav-Spantzel, A., Tai, B.-L., Cook, J., and Schultz, E.E. Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies 65, 8 (2007), 744-757.
28. Whitten, A. and Tygar, J.D. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. USENIX Security Symposium 1999, 169-183.
29. Yan, J., Blackwell, A., Anderson, R., and Grant, A. Password Memorability and Security: Empirical Results. IEEE Security & Privacy Magazine 2, 5 (2004), 25-31.