Tuesday, June 26, 2018

A Novel Web-based Approach for Balancing Usability and Security Requirements of Text Passwords
Dhananjay Kulkarni
Department of Computer Science, Boston University Metropolitan College, Boston USA

ABSTRACT

Many Internet applications, for example e-commerce or email services, require that users create a username and password, which serve as an authentication mechanism. Though text passwords have been around for a while, not much has been done to help naive Internet users create strong passwords. Generally, users prefer easy-to-remember passwords, but service providers prefer that users follow a strong, difficult-to-guess password policy to protect their own resources. In this work we have explored how appropriate feedback on password strength can be useful in choosing a strong password. We first discuss the results of a security vs. usability study that we did, which shows the current trends in choosing passwords and how password cracking tools can easily guess a majority of weak passwords. Next, we propose a novel framework, which addresses our problem of enforcing password policies. Given a password policy, our framework is able to monitor password strength and suggest passwords that are stronger. Moreover, since our passwords are Pareto-efficient and involve user participation in making a selection, we believe that our framework makes appropriate tradeoffs between password strength and difficulty in remembering. We also propose novel ways to compute the password reminder interval so that user satisfaction remains within bounds. An experimental study shows that our approach is much better than current password creation models and serves as a practical tool that can be integrated with Internet applications.

KEYWORDS

Authentication, Text Passwords, Password Strength, Pareto-efficiency, Usability

International Journal of Network Security & Its Applications (IJNSA) - ERA, WJCI Indexed