AvoidPwd: A mnemonic password generation strategy based on keyboard transformation

Abstract

Identity authentication is the first line of defense for network security. Passwords have been the most widely used authentication method in recent years. Although there are security risks in passwords, they will be the primary method in the future due to their simplicity and low cost. Considering the security and usability of passwords, we propose AvoidPwd, which is a novel mnemonic password generation strategy that is based on keyboard transformation. AvoidPwd helps users customize a "route" to bypass an "obstacle" and choose the characters on the "route" as the final password. The "obstacle" is a certain word using any language and the keys adjacent to the "obstacle" are typed with the "Shift" key. A two-part experiment was conducted to examine the memorability and security of the AvoidPwd strategy with other three password strategies and three leaked password sets. The results showed that the passwords generated by the AvoidPwd strategy were more secure than the other leaked password sets. Meanwhile, AvoidPwd outperformed the KbCg, SpIns, and Alphapwd in balancing security and usability. In addition, there are more symbols in the character distribution of AvoidPwd than the other strategies. AvoidPwd is hopeful to solve the security problem that people are difficult to remember symbols and they tend to input letters and digits when creating passwords.