ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Improving interface designs to help users choose better passwords
Full text PdfPdf (297 KB)
Source Conference on Human Factors in Computing Systems archive
CHI '06 extended abstracts on Human factors in computing systems table of contents
Montréal, Québec, Canada
SESSION: Work-in-progress table of contents
Pages: 652 - 657  
Year of Publication: 2006
ISBN:1-59593-298-4
Authors
Richard M. Conlan  Northeastern University, Boston, MA
Peter Tarasewich  Northeastern University, Boston, MA
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 12,   Downloads (12 Months): 110,   Citation Count: 1
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1125451.1125585
What is a DOI?

ABSTRACT

Conventional wisdom seems to have concluded that traditional passwords are inherently insecure. The argument is usually that users choose bad passwords and cannot be expected to remember strong passwords. We feel that these conclusions are premature and that this argument is flawed. At present most password selection mechanisms are not designed according to basic HCI principles and we believe that this is highly responsible for the above conclusions. Our current research is reexamining the problem of password selection and memorability through the exploration of password selection mechanisms with novel interface designs. The goal of this research is develop both principles and designs that help users to choose passwords that are both memorable and secure.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
PGP Corporation's PGP Desktop. Available at: http://tinyurl.com/8fh38.
 
2
Google's Gmail. Available at: http://tinyurl.com/2gvnd.
 
3
Anne Adams , Martina Angela Sasse , Peter Lunt, Making Passwords Secure and Usable, Proceedings of HCI on People and Computers XII, p.1-19, January 1997
4
Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999  [doi>10.1145/322796.322806]
 
5
Alan Dix , Janet Finlay , Gregory Abowd , Russell Beale, Human-computer interaction, Prentice-Hall, Inc., Upper Saddle River, NJ, 1997
 
6
Gehringer, E. Choosing Passwords: Security and Human Factors. ISTAS'02, 2002, 39--373.
 
7
Hairball. Fun Password Facts. 2600: The Hacker's Quartely, Vol. 19, No. 1, Spring 2002.
 
8
Ilett, D. Gates: Passwords passé. CNET News.com. Nov. 16, 2004. Available at: http://tinyurl.com/bcqt5.
 
9
Kaige. Fun Password Facts Revisited. 2600: The Hacker's Quarterly, Vol. 19, No. 3, Fall 2002.
 
10
Norman, D. A. The Design of Everyday Things. Doubleday, New York, USA, 1988.
 
11
Passwords vs. Strong Authentication. RSA Security. Available at: http://tinyurl.com/cru4a.
 
12
Saita, A. RSA 2005: Passwords at the breaking point. SearchSecurity.com, Feb. 16, 2005. Available at: http://tinyurl.com/cf4so
 
13
M. A. Sasse , S. Brostoff , D. Weirich, Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security, BT Technology Journal, v.19 n.3, p.122-131, July 2001  [doi>10.1023/A:1011902718709]
 
14
Ben Shneiderman , Catherine Plaisant, Designing the User Interface: Strategies for Effective Human-Computer Interaction (4th Edition), Pearson Addison Wesley, 2004
15
Dirk Weirich , Martina Angela Sasse, Pretty good persuasion: a first step towards effective password security in the real world, Proceedings of the 2001 workshop on New security paradigms, September 10-13, 2001, Cloudcroft, New Mexico  [doi>10.1145/508171.508195]
16
Jianxin Jeff Yan, A note on proactive password checking, Proceedings of the 2001 workshop on New security paradigms, September 10-13, 2001, Cloudcroft, New Mexico  [doi>10.1145/508171.508194]
 
17
Jeff Yan , Alan , Ross , Alasdair, Password Memorability and Security: Empirical Results, IEEE Security and Privacy, v.2 n.5, p.25-31, September 2004  [doi>10.1109/MSP.2004.81]

CITED BY
Lorrie Faith Cranor, A framework for reasoning about the human in the loop, Proceedings of the 1st Conference on Usability, Psychology, and Security, p.1-15, April 14-14, 2008, San Francisco, California

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
          Subjects: Graphical user interfaces (GUI)

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication


Keywords:
HCI, HCISEC, interface design, passwords, proactive password checking, security, usability, user-centered design

Collaborative Colleagues:
Richard M. Conlan: colleagues
Peter Tarasewich: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player