Improved passphrases could make online experiences both user-friendly and secure

August 3, 2018, Human Factors and Ergonomics Society

Although passphrases, or phrase-based passwords, have been found to be more secure than traditional passwords, human factors issues such as typographical errors and memorability have slowed their wider adoption. Kevin Juang and Joel Greenstein, in their recently published Human Factors article, "Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication," developed and tested two new passphrase systems that seek to address these shortcomings and improve the usability and security of existing passphrase authentication systems.

The authors' first passphrase system incorporated, in part, a specialized wordlist using simple, common words; a six-word sentence structure that made meaningful sense; and a user-created mnemonic picture to assist with recall. The final result would be a passphrase such as "silly pet wolf ate our pizzas," with an accompanying user-generated illustration. The second passphrase system replaced the six-word sentence structure with four words randomly drawn from a customized 1,450-word list.

Juang and Greenstein assessed the usability of their systems against two existing passphrase systems: a user-generated passphrase containing at least 24 characters, and a system-generated passphrase using words randomly drawn from a list of 10,000. To gauge the success of their new systems, the authors asked 50 adult participants to create, in five minutes, a passphrase and any applicable mnemonic—without writing down what they created. The participants completed two recall sessions, one immediately following the creation of the four passphrases and one 7 to 11 days later.

The authors found that memorability was greatly improved under their new systems compared with the existing ones: Second-session recall success rates in this study were 82% for the six-word sentence and 80% for the customized word list, versus only 50% for the user-generated passphrase and 34% for the passphrase created using the 10,000-word list. Given that study participants were instructed not to write down or practice their passphrases, Juang and Greenstein note that in real-world settings, the success rates for their new systems would likely increase.

Juang, a user experience research manager at SunTrust Bank, says, "Passphrases are more secure than passwords and avoid the various issues with biometric systems like fingerprint or facial recognition. It's inevitable that we will eventually need to move past traditional passwords, but it's nothing to fear. Instead of asking users to juggle both usability and security, which is complicated, let's provide secure passphrases and allow users to do what they do best: make things easier for themselves. By truly understanding how users think, we can design systems that keep them secure while also being easy to use."

More information: Kevin Juang et al, Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication, Human Factors: The Journal of the Human Factors and Ergonomics Society (2018). DOI: 10.1177/0018720818767683