Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords
Institutions often require or recommend that their employees use secure, system-generated passwords. It is not clear how well linguistic and phonological language properties map onto complex, randomly-generated passwords. Passwords containing a mix of letters, numbers, and other symbol characters may or may not be similar to common patterns in spoken or written English. The Linguistic Phonological Difficulty (LPD) scoring rubric was created by considering the extent to which a string of characters in a password resembles ordinary spoken or written language patterns. LPD is a score calculated through a six-rule process that considers these spoken and written patterns of English as well as memory load. These rules can be applied to any password. Our research explores mapping linguistic and phonological language properties onto complex randomly generated passwords to assess behavioral performance.
Keywordspasswords memorability linguistics phonology
Unable to display preview. Download preview PDF.
- 1.Zviran, M., Haga, W.J.: Password Security: An Empirical Study. Journal of Management Information Systems 15(4), 161–184 (1999)Google Scholar
- 5.Gasser, M.: A Random Word Generator for Pronounceable Passwords. Mitre Corporation Report MTR-3006 (1975)Google Scholar
- 6.Bonneau, J.: Linguistic Properties of Multi-Word Passphrases. In: USEC Workshop on Useable Security, Kralendijk, Bonaire, Netherlands (2012)Google Scholar
- 7.Bonneau, J.: The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In: IEEE Symposium on Security and Privacy (2012)Google Scholar
- 8.Greene, K.K., Gallagher, M.A., Stanton, B.C., Lee, P.Y.I.: Can’t Type That! P@$$w0rd Entry on Mobile Devices. In: Proceedings of the Human Computer Interaction International Conference, Crete, Greece (2014)Google Scholar
- 10.Pierrehumbert, J.B.: The Phonetics and Phonology of English Intonation. Unpublished Ph.D. dissertation. MIT (1980)Google Scholar