

Password memorability and security: empirical results

Lookup NU author(s): Dr Jeff Yan



There are many things that are ‘well known’ about passwords, such as that users can’t remember strong passwords and that the passwords they can remember are easy to guess. However, there seems to be a distinct lack of research on the subject that would pass muster by the standards of applied psychology. Here we report a controlled trial in which, of four sample groups of about 100 first-year students, three were recruited to a formal experiment and of these two were given specific advice about password selection. The incidence of weak passwords was determined by cracking the password file, and the number of password resets was measured from system logs. We observed a number of phenomena which run counter to the established wisdom. For example, passwords based on mnemonic phrases are just as hard to crack as random passwords yet just as easy to remember as naive user selections.

Publication metadata

Author(s): Yan J, Blackwell A, Anderson R, Grant A

Publication type: Article

Publication status: Published

Journal: IEEE Security and Privacy

Year: 2004

Volume: 2

Issue: 5

Pages: 25-31

Date deposited: 09/12/2010

ISSN (print): 1540-7993

ISSN (electronic): 1558-4046

Publisher: IEEE Computer Society


DOI: 10.1109/MSP.2004.81

