Abstract
As lay persons' use of information processing equipment increases, systems' accurate verification of a user's identity becomes a matter of growing concern. Prime considerations are:1. People must be prevented from convincing the system that they are someone else.2. The system must properly accept persons' accurate statements of their identities.3. Verification procedures must impose a minimal burden on lay users.4. Costs of verification must be reasonable. [9, 10, 11, 13, 19]
- Branstad, Dennis, Draft Federal Information Processing Standards.Google Scholar
- Gasser, M., "A Random Word Generator for Pronounceable Passwords," MITRE Corporation, November 1975.Google Scholar
- Haskett, James A., "Pass-Algorithms: A User Validation Scheme Based on Knowledge or Secret Algorithms,"
Communications of the ACM , 27, (8 /84), pages 777--781. Google ScholarDigital Library - International Business Machines, OS/VS2 MVS Resource Access Control Facility Installation Reference Manual, Form Number SC28-0734, IBM Corporation.Google Scholar
- Kurzban, Stan, "A Dozen Gross 'Mytnconceptions' about Information Processing Security,"
Security, IFIP/Sec '83 (Edited by Vilveke A. Fak), North Holland Publishing Company, Amsterdam (1983), pages 15--25.Google Scholar - Kurzban, Stanley A., Heines, Thomas S., and Sayers, Anthony P.,
Operating Systems Principles (Second Edition), Van Nostrand Reinhold, New York, New York, 1984. Google ScholarDigital Library - Lamport, Leslie, "Password Authentication with Insecure Communication,"
Communications of the ACM , 24, 11 (Nov. 1981), pages 770--772. Google ScholarDigital Library - McPhee, William S., "Perspectives on System Security and System Integrity,"
Proceedings of Share European Association (SEAS) (October 1978), pages 264--280.Google Scholar - Meissner, Paul, "Evaluation of Techniques for Verifying Personal Identity,"
Proceedings, ACM-NBS Fifteenth Annual Technical Symposium , National Bureau of Standards, June 17, 1976, pages 119--127.Google Scholar - Morris, Robert, and Thompson, Ken, "Password Security: A Case History," Computing Science Technical Report #71, Bell Laboratories (April 3, 1978).Google Scholar
- Morris, R., and Thompson, K., "Password Security: A Case History,"
Communications of the ACM , 22, 11 (11/79), pages 594--597. Google ScholarDigital Library - Orceyre, Michael J., and Courtney, Robert H., Jr., "Considerations in the Selection of Security Measures for Automatic Data Processing Systems" (Edited by Gloria R. Bolotsky), NBS Special Publication 500-33 (June 1978).Google Scholar
- Porter, S. N., "A Password Extension for Improved Human Factors,"
Computers and Security , Volume 1, Number 1, January 1982, pages 54--56.Google Scholar - Reitman, Judith S., "Computer Simulation of an Information Processing Model of Short-Term Memory," in
Models of Human Memory (Donald A. Norman, Editor), Academic Press, Incorporated, New York, 1970, pages 117--148.Google Scholar - Schweitzer, James A., "COMPUTER SECURITY: Make Your Passwords More Effective,"
EDPACS , Volume X, Number 8, February 1983, pages 6--11.Google Scholar - Wilkes, M. V.,
Time-Sharing Computer Systems , American Elsevier, New York (1968), pages 91ff. Google ScholarDigital Library - Winitz, H., Herriman, E., and Belleross, B., "Long-Term Recall of Speech Sounds as a Function of Pronounceability,"
Language and Speech , 18 (1/75), pages 74--82.Google Scholar - Wood, Charles Cresson, "Effective Information System Security with Password Controls,"
Computers and Security , 2, 1 (January 1983), pages 5--10.Google ScholarCross Ref - Wood, Helen M., "The Use of Passwords for Controlled Access to Computer Resources," NBS Special Publication 500-9, May 1977.Google Scholar
Recommendations
Reinforcing System-Assigned Passphrases Through Implicit Learning
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityPeople tend to choose short and predictable passwords that are vulnerable to guessing attacks. Passphrases are passwords consisting of multiple words, initially introduced as more secure authentication keys that people could recall. Unfortunately, ...
Improving security and usability of passphrases with guided word choice
ACSAC '18: Proceedings of the 34th Annual Computer Security Applications ConferencePassphrases have many uses, such as serving as seeds for passwords. User-created passphrases are easier to remember, but tend to be less secure than ones created from words randomly chosen in a dictionary. This paper develops a way of making more ...
MASCARA : Systematically Generating Memorable And Secure Passphrases
ASIA CCS '23: Proceedings of the 2023 ACM Asia Conference on Computer and Communications SecurityPasswords are the most common mechanism for authenticating users online. However, studies have shown that users find it difficult to create and manage secure passwords. To that end, passphrases are often recommended as a usable alternative to passwords, ...
Comments