TY - GEN
T1 - An Empirical Analysis on the Usability and Security of Passwords
AU - Walia, Kanwardeep Singh
AU - Shenoy, Shweta
AU - Cheng, Yuan
N1 - Publisher Copyright: © 2020 IEEE.
PY - 2020/8
Y1 - 2020/8
N2 - Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize, an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the user-generated passwords are secure. Moreover, we convert the user-generated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.
AB - Security and usability are two essential aspects of a system, but they usually move in opposite directions. Sometimes, to achieve security, usability has to be compromised, and vice versa. Password-based authentication systems require both security and usability. However, to increase password security, absurd rules are introduced, which often drive users to compromise the usability of their passwords. Users tend to forget complex passwords and use techniques such as writing them down, reusing them, and storing them in vulnerable ways. Enhancing the strength while maintaining the usability of a password has become one of the biggest challenges for users and security experts. In this paper, we define the pronounceability of a password as a means to measure how easy it is to memorize, an aspect we associate with usability. We examine a dataset of more than 7 million passwords to determine whether the user-generated passwords are secure. Moreover, we convert the user-generated passwords into phonemes and measure the pronounceability of the phoneme-based representations. We then establish a relationship between the two and suggest how password creation strategies can be adapted to better align with both security and usability.
KW - authentication
KW - passwords
KW - phonemes
KW - security
KW - usability
UR - http://www.scopus.com/inward/record.url?scp=85092163453&partnerID=8YFLogxK
U2 - 10.1109/IRI49571.2020.00009
DO - 10.1109/IRI49571.2020.00009
M3 - Conference contribution
AN - SCOPUS:85092163453
T3 - Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020
SP - 1
EP - 8
BT - Proceedings - 2020 IEEE 21st International Conference on Information Reuse and Integration for Data Science, IRI 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 21st IEEE International Conference on Information Reuse and Integration for Data Science, IRI 2020
Y2 - 11 August 2020 through 13 August 2020
ER -