Cross Cutting Thrusts: Usable Privacy and Security
Scope: This project aims to explore usability and security issues associated with text passwords and produce guidelines for simultaneously maximizing both. Our preliminary study demonstrated that with the benefit of empirical data on how human’s select passwords under various requirements, NIST’s password guidelines can be improved. We propose to conduct an online study to determine the entropy and memorability of passwords created by users assigned to various password composition conditions. We have also begun to work with the CMU ISO to collect data related to password choices of Andrew users.
Outcomes: We expect to produce 1 or more peer-reviewed conference papers as well as password policy guidance that we can propose to NIST and other organizations that make recommendations to system operators.