论文信息 - “Ten strikes and you're out”: Increasing the number of login attempts can improve password usability

“Ten strikes and you're out”: Increasing the number of login attempts can improve password usability

Many users today are struggling to manage an increasing number of passwords. As a consequence, many organizations face an increasing demand on an expensive resource – the system administrators or help desks. This paper suggests that re-considering the “3- strikes” policy commonly applied to password login systems would be an immediate way of reducing this demand. We analyzed 10 weeks worth of system logs from a sample of 386 users, whose login attempts were not restricted in the usual manner. During that period, only 10% of login attempts failed. We predict that requests for password reminders could be reduced by up to 44% by increasing the number of strikes from 3 to ten.

Sacha Brostoff | Martina Angela Sasse | M. Sasse | Sacha Brostoff

[1] Sacha Brostoff,et al. Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[2] M. Angela Sasse,et al. Are Passfaces More Usable Than Passwords? A Field Trial Investigation , 2000, BCS HCI.

[3] Ken Frazer,et al. Building secure software: how to avoid security problems the right way , 2002, SOEN.

[4] Moshe Zviran,et al. A Comparison of Password Techniques for Multilevel Authentication Mechanisms , 1990, Comput. J..

[5] M. Angela Sasse,et al. Users are not the enemy , 1999, CACM.