Title page for ETD etd-07022007-184611


Type of Document Dissertation
Author Henry, Peter Thomas
URN etd-07022007-184611
Title Toward Usable, Robust Memometric Authentication: An Evaluation of Selected Password Generation Assistance
Degree Doctor of Philosophy
Department Information Studies, College of
Advisory Committee
Advisor Name Title
Charles R. McClure Committee Chair
Gary Burnett Committee Member
John Carlo Bertot Committee Member
Michael Burmester Committee Member
Keywords
  • usability
  • memometrics
  • authentication
  • information security
  • security
  • password
Date of Defense 2007-05-21
Availability unrestricted
Abstract
This dissertation explored the effects of various types of assistance on the generation, recall, and input of robust passwords containing at least twenty characters. Passwords are desirable memometric authentication secrets for many reasons, but their continued effectiveness depends on increasing their resistance to emerging attacks. Resistance to attacks is increasingly a function of length. Although previous password research revealed widespread use of short, weak passwords and conventional wisdom considers users incapable of reliably generating, recalling, and accurately inputting strong passwords, this study investigated ways to assist users in meeting the specific challenges of robust password management.

Interventions in the password-generation stage of this study introduced participants to five password generation schemes, supplied various numbers of example passwords, and required reentry of passwords immediately after generation to explore possible benefits on subsequent authentication performance. Key findings of this research were that:

· Twenty-character passwords can be as strong as their corresponding 128-bit hashes;

· Acrostic password-generation schemes produced strong passwords;

· Confessional and Unexpected Nonsense schemes produced memorable passwords;

· Supplying example passwords led to stronger passwords;

· All participants easily generated 20-character passwords and most experienced few problems in the vague recall of them;

· 30% of participants generated and used very strong passwords without failure for seven weeks;

· The input of the precise formulation of robust passwords was the greatest single cause of authentication failure;

· Exposure to 5 or 10 additional password examples during the generation stage did not improve subsequent password performance;

· Reentry of passwords four times during the generation stage did not improve subsequent password performance;

· Although education and training are beneficial, the actual study treatments were not universally effective; and

· The population of password users and the reasons for password failure are complex, and users who experience difficulties require additional attention and resources on a contingency basis.

Files
  Filename: pth_dissertation.pdf
  Size: 2.34 Mb
  Approximate Download Time (Hours:Minutes:Seconds):
  • 28.8 Modem: 00:10:50
  • 56K Modem: 00:05:34
  • ISDN (64 Kb): 00:04:52
  • ISDN (128 Kb): 00:02:26
  • Higher-speed Access: 00:00:12
