Measuring the usability and security of permuted passwords on mobile platforms / Kristen K. Greene; John Kelsey; Joshua M. Franklin.
Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics to passwords for which we already had usability data, in an effort to have a more meaningful comparison between usability and security. This document reports a method of optimizing the input of randomly generated passwords on mobile devices via password permutation to allow for a comparison of password usability data. We found that the number of keystrokes saved the efficiency gained via permutation depends on the number of onscreen keyboard changes required in the original password rather than on password length. Additionally, we created and are releasing Python scripts (publicly available from https://github.com/usnistgov/PasswordMetrics) for the experiments on entropy loss we conducted across passwords ranging in length from 5 to 20 characters.
Record details
- Physical Description: 1 online resource (65 pages) : illustrations (color).
- Publisher: Gaithersburg, MD : U.S. Dept. of Commerce, National Institute of Standards and Technology, 2016.
Content descriptions
| General Note: | April 2016. Contributed record: Metadata reviewed, not verified. Some fields updated by batch processes. Title from PDF title page (viewed April 30, 2016). |
| Bibliography, etc. Note: | Includes bibliographical references. |
Search for related items by subject
| Subject: | Computers > Access control > Passwords. Mobile communication systems. |
Search for related items by series
Loading Recommendations...
| LDR | 02781nam a2200421Ii 4500 | ||
|---|---|---|---|
| 001 | ocn958885806 | ||
| 003 | OCoLC | ||
| 005 | 20160926090653.0 | ||
| 007 | cr cn||||||||| | ||
| 008 | 160921s2016 mdua got f000 0 eng d | ||
| 024 | 8 | . | ‡aGOVPUB-C13-8062767e03ba2467301fe5b36548a003 |
| 035 | . | ‡a(OCoLC)958885806 | |
| 040 | . | ‡aNBS ‡beng ‡epn ‡erda ‡cNBS ‡dGPO ‡dNBS ‡dMvI ‡dMvI | |
| 074 | . | ‡a0247-D (online) | |
| 086 | 0 | . | ‡aC 13.58:8040 |
| 100 | 1 | . | ‡aGreene, Kristen K. |
| 245 | 1 | 0. | ‡aMeasuring the usability and security of permuted passwords on mobile platforms / ‡cKristen K. Greene; John Kelsey; Joshua M. Franklin. |
| 264 | 1. | ‡aGaithersburg, MD : ‡bU.S. Dept. of Commerce, National Institute of Standards and Technology, ‡c2016. | |
| 300 | . | ‡a1 online resource (65 pages) : ‡billustrations (color). | |
| 336 | . | ‡atext ‡2rdacontent | |
| 337 | . | ‡acomputer ‡2rdamedia | |
| 338 | . | ‡aonline resource ‡2rdacarrier | |
| 490 | 1 | . | ‡aNISTIR ; ‡v8040 |
| 500 | . | ‡aApril 2016. | |
| 500 | . | ‡aContributed record: Metadata reviewed, not verified. Some fields updated by batch processes. | |
| 500 | . | ‡aTitle from PDF title page (viewed April 30, 2016). | |
| 504 | . | ‡aIncludes bibliographical references. | |
| 520 | 3 | . | ‡aPassword entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics to passwords for which we already had usability data, in an effort to have a more meaningful comparison between usability and security. This document reports a method of optimizing the input of randomly generated passwords on mobile devices via password permutation to allow for a comparison of password usability data. We found that the number of keystrokes saved the efficiency gained via permutation depends on the number of onscreen keyboard changes required in the original password rather than on password length. Additionally, we created and are releasing Python scripts (publicly available from https://github.com/usnistgov/PasswordMetrics) for the experiments on entropy loss we conducted across passwords ranging in length from 5 to 20 characters. |
| 650 | 0. | ‡aComputers ‡xAccess control ‡xPasswords. ‡0(DLC)sh 85029555 | |
| 650 | 0. | ‡aMobile communication systems. ‡0(DLC)sh 85086371 | |
| 700 | 1 | . | ‡aFranklin, Joshua M. |
| 700 | 1 | . | ‡aGreene, Kristen K. |
| 700 | 1 | . | ‡aKelsey, John. ‡0(DLC)n 2014038767 |
| 710 | 2 | . | ‡aInformation Technology Laboratory (National Institute of Standards and Technology) ‡0(DLC)no 97056762 |
| 830 | 0. | ‡aNISTIR ; ‡0(DLC)n 88507971 ‡v8040. | |
| 856 | 4 | 0. | ‡uhttps://purl.fdlp.gov/GPO/gpo99830 ‡9STLIB-IND |
| 949 | . | ‡hONLINE | |
| 901 | . | ‡aocn958885806 ‡bOCoLC ‡c21709644 ‡tbiblio ‡sGPO - Government Documents | |
