Skip to main content

Improving the Security and Usability of Text Passwords

Researchers: Lorrie Cranor, Lujo Bauer, Nicolas Christin

Cross Cutting Thrusts: Usable Privacy and Security

Abstract

Scope: This project aims to explore usability and security issues associated with text passwords and produce guidelines for simultaneously maximizing both. Our preliminary study  demonstrated that with the benefit of empirical data on how human’s select passwords under various requirements, NIST’s password guidelines can be improved. We propose to conduct an online study to determine the entropy and memorability of passwords created by users assigned to various password composition conditions. We have also begun to work with the CMU ISO to collect data related to password choices of Andrew users.

Outcomes: We expect to produce 1 or more peer-reviewed conference papers as well as password policy guidance that we can propose to NIST and other organizations that make recommendations to system operators.

Technical Report: Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms