Constructing secure and memorable passwords
Information and Computer Security
ISSN: 2056-4961
Article publication date: 22 June 2020
Issue publication date: 4 November 2020
Abstract
Purpose
Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remain the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to find strategies that allow for the generation of passwords that are both memorable and computationally secure.
Design/methodology/approach
The study began with a literature review that was used to identify cognitive password creation strategies that facilitate the creation of passwords that are easy to remember. Using an action-based approach, attack models were created for the resulting creation strategies. The attack models were then used to calculate the entropy for passwords created with different strategies and related to a theoretical cracking time.
Findings
The result of this study suggests that using phrases with four or more words as passwords will generate passwords that are easy to remember and hard to attack.
Originality/value
This paper considers passwords from a socio-technical approach and provides insight into how passwords that are easy to remember and hard to crack can be generated. The results can be directly used to create password guidelines and training material that enables users to create usable and secure passwords.
Keywords
Citation
Kävrestad, J., Lennartsson, M., Birath, M. and Nohlberg, M. (2020), "Constructing secure and memorable passwords", Information and Computer Security, Vol. 28 No. 5, pp. 701-717. https://doi.org/10.1108/ICS-07-2019-0077
Publisher
:Emerald Publishing Limited
Copyright © 2020, Emerald Publishing Limited