论文信息 - The memorability and security of passwords – some empirical results

The memorability and security of passwords – some empirical results

There are many things that are ‘well known’ about passwords, such as that uers can’t remember strong passwords and that the passwords they can remember are easy to guess. However, there seems to be a distinct lack of research on the subject that would pass muster by the standards of applied psychology. Here we report a controlled trial in which, of four sample groups of about 100 first-year students, three were recruited to a formal experiment and of these two were given specific advice about password selection. The incidence of weak passwords was determined by cracking the password file, and the number of password resets was measured from system logs. We observed a number of phenomena which run counter to the established wisdom. For example, passwords based on mnemonic phrases are just as hard to crack as random passwords yet just as easy to remember as naive user selections.

[1] G. A. Miller. THE PSYCHOLOGICAL REVIEW THE MAGICAL NUMBER SEVEN, PLUS OR MINUS TWO: SOME LIMITS ON OUR CAPACITY FOR PROCESSING INFORMATION 1 , 1956 .

[2] F. T. Grampp,et al. The UNIX system UNIX operating system security , 1984, AT&T Bell Laboratories Technical Journal.

[3] Moshe Zviran,et al. A Comparison of Password Techniques for Multilevel Authentication Mechanisms , 1990, Comput. J..

[4] James L. Clark,et al. UNIX Operating System Security , 1992, SEC.

[5] Daniel Klein,et al. Foiling the cracker: A survey of, and improvements to, password security , 1992 .