Topic

Password psychology

About: Password psychology is a research topic. Over the lifetime, 621 publications have been published within this topic receiving 25508 citations.


Papers
Journal ArticleDOI
Leslie Lamport
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
Abstract: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure one-way encryption function and can be implemented with a microcomputer in the user's terminal.

2,874 citations

Proceedings ArticleDOI
08 May 2007
TL;DR: The study involved half a million users over a three month period and gets extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site.
Abstract: We report the results of a large scale study of password use and password re-use habits. The study involved half a million users over a three month period. A client component on users' machines recorded a variety of password strength, usage and frequency metrics. This allows us to measure or estimate such quantities as the average number of passwords and average number of accounts each user has, how many passwords she types per day, how often passwords are shared among sites, and how often they are forgotten. We get extremely detailed data on password strength, the types and lengths of passwords chosen, and how they vary by site. The data is the first large scale study of its kind, and yields numerous other insights into the role the passwords play in users' online experience.

1,068 citations

Journal ArticleDOI
Robert Morris, Ken Thompson
TL;DR: The present design of the password security scheme was the result of countering observed attempts to penetrate the system and is a compromise between extreme security and ease of use.
Abstract: This paper describes the history of the design of the password security scheme on a remotely accessed time-sharing system. The present design was the result of countering observed attempts to penetrate the system. The result is a compromise between extreme security and ease of use.

1,015 citations

Proceedings Article
14 Aug 2000
TL;DR: Deja Vu is a recognition-based authentication system, which authenticates a user through her ability to recognize previously seen images, which is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs.
Abstract: Current secure systems suffer because they neglect the importance of human factors in security. We address a fundamental weakness of knowledge-based authentication schemes, which is the human limitation to remember secure passwords. Our approach to improve the security of these systems relies on recognition-based, rather than recall-based authentication. We examine the requirements of a recognition-based authentication system and propose Deja Vu, which authenticates a user through her ability to recognize previously seen images. Deja Vu is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs. Furthermore, it has the advantage that it prevents users from choosing weak passwords and makes it difficult to write down or share passwords with others. We develop a prototype of Deja Vu and conduct a user study that compares it to traditional password and PIN authentication. Our user study shows that 90% of all participants succeeded in the authentication tests using Deja Vu while only about 70% succeeded using passwords and PINS. Our findings indicate that Deja Vu has potential applications, especially where text input is hard (e.g., PDAs or ATMs), or in situations where passwords are infrequently used (e.g., web site passwords).

870 citations

Proceedings Article
23 Aug 1999
TL;DR: This work proposes and evaluates new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords and describes the prototype implementation of one of the schemes on a personal digital assistant (PDA), namely the Palm Pilot™.
Abstract: In this paper we propose and evaluate new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords. Graphical input devices enable the user to decouple the position of inputs from the temporal order in which those inputs occur, and we show that this decoupling can be used to generate password schemes with substantially larger (memorable) password spaces. In order to evaluate the security of one of our schemes, we devise a novel way to capture a subset of the "memorable" passwords that, we believe, is itself a contribution. In this work we are primarily motivated by devices such as personal digital assistants (PDAs) that offer graphical input capabilities via a stylus, and we describe our prototype implementation of one of our password schemes on such a PDA, namely the Palm Pilot™.

869 citations


Network Information
Related Topics (5)
Authentication
74.7K papers, 867.1K citations
75% related
Cryptography
37.3K papers, 854.5K citations
73% related
Encryption
98.3K papers, 1.4M citations
71% related
Virtual machine
43.9K papers, 718.3K citations
71% related
Mobile device
58.6K papers, 942.8K citations
71% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2018    4
2017    28
2016    53
2015    73
2014    89
2013    64