Abstract

Many Internet applications, for example e-commerce or email services, require that users create a username and password which serves as an authentication mechanism. Though text passwords have been around for a while, not much has been done to help naive Internet users create strong passwords. Generally users prefer easy-to-remember passwords, but service providers prefer that users follow a strong, difficult-to-guess password policy to protect their own resources. In this work we have explored how appropriate feedback on password strength can be useful in choosing a strong password. We first discuss the results of a security vs. usability study that we did, which shows the current trends in choosing passwords, and how password cracking tools can easily guess a majority of weak passwords. Next, we propose a novel framework, which addresses our problem of enforcing password policies. Given a password policy, our framework is able to monitor password strength, and suggest passwords that are stronger. Moreover, since our passwords are Pareto-efficient, and involve user participation in making a selection, we believe that our framework makes appropriate tradeoffs between password strength and difficulty in remembering. We also propose novel ways to compute the password reminder interval so that user satisfaction remains within bounds. Experimental study shows that our approach is much better than current password creation models, and serves as a practical tool that can be integrated with Internet applications.

Highlights

  • E-commerce has experienced a very high growth rate in recent decades

  • Text passwords should be such that they are easy to remember, and consistent with the password policy defined by the organization

  • We have proposed a novel technique based on pareto-efficiency to balance security and usability requirements


Summary

INTRODUCTION

E-commerce has experienced a very high growth rate in recent decades. As part of conducting their business, most online services [2, 7, 6, 4] require users to create a username and password before using their services. The username and password are the first line of defense against unauthorized access to the company’s ‘resources’, while providing the flexibility of allowing the user to manage their accounts online. This flexibility of accessing information online comes with a cost. A strong password is usually one that is hard to guess or takes too much time to crack. These definitions are subjective, and may depend on the implementation of the password policy. We motivate the problem, and list our contributions
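The introduction defines a strong password as one that is hard to guess or takes too long to crack, and notes that this depends on the password policy in force. The following added example (not code from the paper or the iPass framework) makes that concrete: it validates a candidate password against a hypothetical policy, reports which rules it violates, and turns a keyspace estimate into an expected brute-force time at an assumed guess rate, which is the kind of feedback a registration form can show a user before the password is accepted. The policy fields, the keyspace estimator and the 1e10 guesses-per-second figure are assumptions for illustration, not values from the paper.

```python
import math
import string
from dataclasses import dataclass, field


@dataclass
class PasswordPolicy:
    """Hypothetical policy for illustration; not the paper's policy model."""
    min_length: int = 8
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = True
    # A tiny constructed deny-list; a real deployment would use a breached-password corpus.
    banned: set = field(default_factory=lambda: {"password", "123456", "qwerty"})


def check_policy(password: str, policy: PasswordPolicy) -> list:
    """Return the policy rules the password violates (empty list means compliant)."""
    violations = []
    if len(password) < policy.min_length:
        violations.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not any(c.isupper() for c in password):
        violations.append("no uppercase letter")
    if policy.require_lower and not any(c.islower() for c in password):
        violations.append("no lowercase letter")
    if policy.require_digit and not any(c.isdigit() for c in password):
        violations.append("no digit")
    if policy.require_symbol and not any(c in string.punctuation for c in password):
        violations.append("no symbol")
    if password.lower() in policy.banned:
        violations.append("on the banned-password list")
    return violations


def keyspace_bits(password: str) -> float:
    """Estimate strength as log2(pool ** length): the brute-force keyspace of a
    random password drawn from the character classes actually used.
    Assumption: a generic estimator, not the paper's strength metric; it
    overestimates dictionary words, which is why the deny-list check exists."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32 ASCII symbols
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def crack_time_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to brute-force a keyspace of 2**bits, assuming the attacker
    finds the password halfway through on average. The guess rate is an
    assumed figure for an offline attack on a fast hash, not a measured value."""
    return (2.0 ** bits) / 2.0 / guesses_per_second


def strength_feedback(password: str, policy: PasswordPolicy) -> dict:
    """Combine policy compliance and keyspace estimate into user-facing feedback."""
    violations = check_policy(password, policy)
    bits = keyspace_bits(password)
    if "on the banned-password list" in violations or bits < 40:
        label = "weak"
    elif bits < 60:
        label = "moderate"
    else:
        label = "strong"
    return {
        "compliant": not violations,
        "violations": violations,
        "bits": round(bits, 1),
        "expected_crack_seconds": crack_time_seconds(bits),
        "label": label,
    }


if __name__ == "__main__":
    policy = PasswordPolicy()
    for candidate in ("password", "Tr0ub4dor&3", "Correct-Horse-7"):  # constructed samples
        print(candidate, strength_feedback(candidate, policy))
```

The feedback dictionary is what a form would render: the violation list tells the user exactly which rule to fix, while the bits and expected crack time give a policy-independent sense of how far the candidate is from "takes too much time to crack".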

Motivation
The iPass Framework
Security Requirements
Password Policy
Guidelines
Password Strength Validation
Technique 1
Technique 6
Pareto-efficient Passwords
Usability-aware Enforcement
Experiments
Related Work
Findings
Conclusion