Password Education Based on Guidelines Tailored to Different Password Categories
Journal article, Peer reviewed
Permanent lenke
http://hdl.handle.net/11250/142524Utgivelsesdato
2011Metadata
Vis full innførselSamlinger
Originalversjon
Helkala, K. M. (2011). Password Education Based on Guidelines Tailored to Different Password Categories. Journal of Computers, 6 (5): 969-975. http://dx.doi.org/10.4304/jcp.6.5.969-975Sammendrag
General password policies do not guarantee that
passwords fulfilling the requirement are good enough. The
policies have a tendency to be too broad to be useful for
all users. Different users have different designing processes
based on what kind of passwords they most easily remember.
Users are also often left to generate passwords on their own
without any training. In our study we used new password
creation guidelines when teaching students password security.
We divided passwords into three password categories:
Word password, Mixture password and Non-word password.
For each category different password generation guidelines
were taught to students. Students had access to the password
quality measurement tool, which not only measured the
strength of the password but also guided students in the
generation process. Our goal is to measure the effect of
education on the strength of a password and analyze recall
rates of the passwords created by the new guidelines. It is
shown that education had a positive effect and that passwords
became stronger right after the education. The most
important result is that a password structure got changed as
the variation of structures increased and different structure
types were more evenly distributed. However, after half
a year without reminders or education repetition, most
of the positive effect was lost. While password structures
still differed, they had become less complex as participants
had given up using special characters. Recall rates of the
passwords generated with new guidelines are good.
Beskrivelse
This is the copy of journal's version originally published in Journal of Computers: http://www.academypublisher.com/jcp/index.html