Accession Number : ADA225390


Title :   The Characteristics of User-Generated Passwords


Descriptive Note : Master's thesis


Corporate Author : NAVAL POSTGRADUATE SCHOOL MONTEREY CA


Personal Author(s) : Sawyer, Darren A


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a225390.pdf


Report Date : Mar 1990


Pagination or Media Count : 109


Abstract : The most widely used mechanism for access control to information systems is passwords. Passwords can be machine-generated using a list of words stored in a memory bank, machine-generated using a sophisticated algorithm to create a pseudo-random combination of characters or they can be user-generated. User-generated passwords typically take on the characteristics of some type of meaningful detail that is simple in structure and easy to remember. Memorability and security pose a difficult trade-off in password generation. A system security administrator wants passwords that are unpredictable, frequently changed and provide the greatest degree of system security achievable while users want passwords that are simple and easy to remember. When they become difficult to remember they are likely to be written down. Once written down a compromise to security occurs because users tend to store them in insecure places. This thesis looks at user-generated password characteristics. Of particular interest is how password selection, memorability and predictability are affected by the number of characters in a password, the importance and sensitivity of a user's data, a user's work location, how a password was chosen, the frequency of changing a password and the frequency of logging on to a system with a password. Theses.


Descriptors :   *DATA PROCESSING SECURITY , *ACCESS , INFORMATION SYSTEMS , SECURITY , THESES , IDENTIFICATION , CONTROL , ALGORITHMS , VERIFICATION


Subject Categories : Computer Systems Management and Standards


Distribution Statement : APPROVED FOR PUBLIC RELEASE