Related papers: A Survey on Password Guessing
Passwords are the most common mechanism for authenticating users online. However, studies have shown that users find it difficult to create and manage secure passwords. To that end, passphrases are often recommended as a usable alternative…
Text-based secrets are still the most commonly used authentication mechanism in information systems. IT managers must strike a balance between security and memorability while developing password policies. Initially introduced as more secure…
Text password has long been the dominant user authentication technique and is used by large numbers of Internet services. If they follow recommended practice, users are faced with the almost insuperable problem of generating and managing a…
Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users…
Password managers encourage users to generate passwords to improve their security. However, research has shown that users avoid generating passwords, often giving the rationale that it is difficult to enter generated passwords on devices…
Passphrases offer an alternative to traditional passwords which aim to be stronger and more memorable. However, users tend to choose short passphrases with predictable patterns that may reduce the security they offer. To explore the…
We present an in-depth analysis on the strength of the almost 10,000 passwords from users of an instant messaging server in Italy. We estimate the strength of those passwords, and compare the effectiveness of state-of-the-art attack methods…
User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or…
Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical…
User-chosen passwords remain essential to online security, and yet people continue to choose weak, insecure passwords. In this work, we investigate whether prospect theory, a behavioral model of how people evaluate risk, can provide…
Since the demise of the password was predicted in 2004, different attempts in industry and academia have been made to create an alternative for the use of passwords in authentication, without compromising on security and user experience.…
Users often choose passwords that are easy to remember but also easy to guess by attackers. Recent studies have revealed the vulnerability of textual passwords to shoulder surfing and keystroke loggers. It remains a critical challenge in…
Password advice is constantly circulated by standards agencies, companies, websites and specialists. But there appears to be great diversity in terms of the advice that is given. Users have noticed that different websites are enforcing…
Before deploying a new user authentication scheme, it is critical to subject the scheme to comprehensive study. Few works, however, have undertaken such a study. Recently, Thorpe et al. proposed GeoPass, the most promising of a class of…
We introduce quantitative usability and security models to guide the design of password management schemes --- systematic strategies to help users create and remember multiple passwords. In the same way that security proofs in cryptography…
System passwords serve as critical credentials for user authentication and access control when logging into operating systems or applications. Upon entering a valid password, users pass verification to access system resources and execute…
Researchers have extensively explored how password creation policies influence the security and usability of user-chosen passwords, producing evidence-based policy guidelines. However, for web authentication to improve in practice, websites…
Some protected password change protocols were proposed. However, the previous protocols were easily vulnerable to several attacks such as denial of service, password guessing, stolen-verifier and impersonation atacks etc. Recently, Chang et…
Nowadays, user authentication is one of the important topics in information security. Strong textbased password schemes could provide with certain degree of security. However, the fact that strong passwords are difficult to memorize often…
Security questions are one of the mechanisms used to recover passwords. Strong answers to security questions (i.e. high entropy) are hard for attackers to guess or obtain using social engineering techniques (e.g. monitoring of social…