Tuesday, October 10, 2006

Minimal-Feedback Hints for Remembering Passwords

Passwords are a widely used mechanism for user authentication and are thus critical to the security of many systems. To provide effective security, passwords should be known to the password holder but remain unknown to everybody else. While personal information and real words are relatively easy for a user to remember, they make weak passwords from a security point of view because they are vulnerable to informed guessing and dictionary attacks. Strong passwords (e.g., b5j#Kv!8N) are less vulnerable to attack but at the same time more difficult to remember. However, the sheer number of passwords people must have to accomplish their day-to-day activities exceeds most humans’ capacity for remembering meaningless strings of characters [1]. Most users handle the ensuing conflict between security and ease of use by choosing passwords that are easy to remember, writing down their passwords, using the same password for multiple systems, or in other ways giving ease of use priority over security.

Minimal-feedback hints are introduced to support users in remembering their passwords, thereby enabling them to choose stronger passwords. Whereas most password mechanisms leave it entirely to users to be able to remember their passwords, minimal-feedback hints aid users’ memory by providing them with a couple of the password characters when prompted for their password (see Figure 1). Minimal-feedback hints were first suggested by Lu and Twidale [3] with the thinking that “a few carefully revealed hints will jog an authorized user’s memory, but will be of insufficient help to an unauthorized user who does not know the password in the first place.”

At password creation, users select the password characters that should be provided as a hint. Then, the password with the hint characters revealed and all other characters replaced by, for example, underscores is converted to an image and slightly distorted. This conversion and distortion is done to provide additional security against password-cracking software. At login, the image is presented to users who will be able to determine which of their passwords must be the right one for this particular system, or to narrow down the set of likely passwords based on the hint. That is, the hint reveals the hint characters and their approximate position: ___ b ________ 8."

(Continued via uiGarden)

Password dialogue with minimal-feedback hint
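
The hint scheme described above, sketched as an added example (not code from the quoted article): it builds the text form of the hint before any image rendering, narrows a user's own passwords against it, and estimates how much guessing work the hint leaves. The function names, the 94-character alphabet and the sample passwords are assumptions constructed for illustration.

```python
import math
import string

# Assumption: passwords are drawn from the 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def make_hint(password, reveal, mask="_"):
    """Return the hint text: chosen characters in place, all others masked."""
    bad = [i for i in reveal if not 0 <= i < len(password)]
    if bad:
        raise ValueError(f"reveal positions out of range: {bad}")
    shown = set(reveal)
    return "".join(c if i in shown else mask for i, c in enumerate(password))


def matches_hint(candidate, hint, reveal):
    """True if a candidate agrees with the hint in length and revealed characters.

    Positions are passed explicitly because the mask character may itself
    be a legitimate password character.
    """
    return len(candidate) == len(hint) and all(candidate[i] == hint[i] for i in reveal)


def narrow(candidates, hint, reveal):
    """What the user does at login: keep only the passwords the hint allows."""
    return [c for c in candidates if matches_hint(c, hint, reveal)]


def residual_bits(hint, reveal, alphabet_size=len(ALPHABET)):
    """Upper bound on remaining guessing entropy for a uniformly random password.

    The hint discloses the length and the revealed characters, so only the
    masked positions still contribute.
    """
    return (len(hint) - len(set(reveal))) * math.log2(alphabet_size)


# Constructed sample data: one user's passwords for different systems.
PASSWORD = "Xk2_bW!q7Ru8"
REVEAL = [4, 11]
MY_PASSWORDS = ["Gh5%tN2w", "Xk2_bW!q7Ru8", "aB3_bZ?p1Lm9", "Rr8&vC6yTq1s"]

if __name__ == "__main__":
    hint = make_hint(PASSWORD, REVEAL)
    print("hint:", hint)
    print("consistent passwords:", narrow(MY_PASSWORDS, hint, REVEAL))
    print("bits before hint: %.1f" % (len(PASSWORD) * math.log2(len(ALPHABET))))
    print("bits after hint:  %.1f" % residual_bits(hint, REVEAL))
```

The residual figure only holds for randomly chosen passwords; for a password built from words or personal information, the revealed characters and exact length remove far more of an informed guesser's work than the bit count suggests.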

