1 / 7

A Behavioral Analysis of Passphrase Design and Effectiveness

A Behavioral Analysis of Passphrase Design and Effectiveness. Mark Keith, Benjamin Shao, & Paul Steinbart Journal of the Association for Information Systems (2009) Gun- woong Lee. Overview. Research Motivation and Questions Passwords vs. Passphrases Security vs. Usability

koko
Download Presentation

A Behavioral Analysis of Passphrase Design and Effectiveness

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Behavioral Analysis of Passphrase Design and Effectiveness Mark Keith, Benjamin Shao, & Paul Steinbart Journal of the Association for Information Systems (2009) Gun-woong Lee

  2. Overview • Research Motivation and Questions • Passwords vs. Passphrases • Security vs. Usability • Does the passphrase enhance the usability as compared to conventional passwords? • Behavioral Effects • Typing mistake vs. Memory errors • Do passphrases increase the memorability and reduce typing errors? • Psychological Effects • Login failure / User Perceptions / Intent to Adopt • Do enhanced authentication credential increase the user perceptions and intent to adopt the system? • Theoretical Background • Memory-based login failure: Chucking & Phonological similarity effect • Typographical-based login failures: Skilled Typing (WTD) • User Perception and intent to adopt: User Perceptions and Technology acceptance • Methodology • Longitudinal Filed Study: controlled experiment + Survey

  3. Research Framework and Hypotheses Behavioral Effects Psychological Effects Survey Experiment

  4. Findings One student used all keyboard characters!

  5. Strengthens • Research motivation • Motivated by academic an practical needs • Evaluate conflict results of usability of Passphrases • Create new knowledge about effective Passphrases design • Theoretical Background • Use of multiple theories from various disciplines • Theory-enabled hypotheses • Strong theoretical foundations • Methodology • Combined methods • Behavioral effects (experiment) & Psychological effects (Survey) • Contributions • IS researchers: future avenues for future research • Practitioners: help them to develop polices enhancing security and usability

  6. Weaknesses and Extensions • Limited experimental setting • Consider Login frequency & Efficiency

  7. Weaknesses and Extensions • Weak assumption • Participants in the study could easily recall their passphrases • Since the system might be the only one that requires passphrases • If many IT systems utilize the passphrases ? • Users may have various passphrases for the different systems • Difficult for the users to memorize the correct passphrases for each system • Extra Costs and Efforts • Passphrases may induce costs and efforts of system managers, developers, & users • Changes in the overall layout of the user interface. • Subjective Criteria for distinguishing login failure types • Typo or a memory error ? • Lee99 vs. Lee999

More Related