Advertisement

Development of a Scale to Assess the Linguistic and Phonological Difficulty of Passwords

  • Jennifer Romano Bergstrom
  • Stefan A. Frisch
  • David Charles Hawkins
  • Joy Hackenbracht
  • Kristen K. Greene
  • Mary F. Theofanos
  • Brian Griepentrog
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8528)

Abstract

Institutions often require or recommend that their employees use secure, system-generated passwords. It is not clear how well linguistic and phonological language properties map onto complex, randomly-generated passwords. Passwords containing a mix of letters, numbers, and other symbol characters may or may not be similar to common patterns in spoken or written English. The Linguistic Phonological Difficulty (LPD) scoring rubric was created by considering the extent to which a string of characters in a password resembles ordinary spoken or written language patterns. LPD is a score calculated through a six-rule process that considers these spoken and written patterns of English as well as memory load. These rules can be applied to any password. Our research explores mapping linguistic and phonological language properties onto complex randomly generated passwords to assess behavioral performance.

Keywords

passwords memorability linguistics phonology 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Zviran, M., Haga, W.J.: Password Security: An Empirical Study. Journal of Management Information Systems 15(4), 161–184 (1999)Google Scholar
  2. 2.
    Keith, M., Shao, B., Steinbart, P.J.: The Usability of Passphrases for Authentication: An Empirical Field Study. International Journal of Human-Computer Studies 65, 17–28 (2007)CrossRefGoogle Scholar
  3. 3.
    Vu, K.L., Proctor, R.W., Bhargav-Spantzel, A., Tai, B., Cook, J., Schultz, E.E.: Improving Password Security and Memorability to Protect Personal and Organizational Informa-tion. International Journal of Human-Computer Studies 65, 744–757 (2007)CrossRefGoogle Scholar
  4. 4.
    Craik, F.I.M., Lockhart, R.S.: Levels of Processing: A Framework for Memory Re-search. Journal of Verbal Learning and Verbal Behavior 11, 671–684 (1971)CrossRefGoogle Scholar
  5. 5.
    Gasser, M.: A Random Word Generator for Pronounceable Passwords. Mitre Corporation Report MTR-3006 (1975)Google Scholar
  6. 6.
    Bonneau, J.: Linguistic Properties of Multi-Word Passphrases. In: USEC Workshop on Useable Security, Kralendijk, Bonaire, Netherlands (2012)Google Scholar
  7. 7.
    Bonneau, J.: The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In: IEEE Symposium on Security and Privacy (2012)Google Scholar
  8. 8.
    Greene, K.K., Gallagher, M.A., Stanton, B.C., Lee, P.Y.I.: Can’t Type That! P@$$w0rd Entry on Mobile Devices. In: Proceedings of the Human Computer Interaction International Conference, Crete, Greece (2014)Google Scholar
  9. 9.
    Gobet, F., Lane, P.C.R., Croker, S., Cheng, P.C.-H., Jones, G., Oliver, I., Pine, J.M.: Chunking Mechanisms in Human Learning. Trends in Cognitive Science 5, 236–243 (2001)CrossRefGoogle Scholar
  10. 10.
    Pierrehumbert, J.B.: The Phonetics and Phonology of English Intonation. Unpublished Ph.D. dissertation. MIT (1980)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Jennifer Romano Bergstrom
    • 1
  • Stefan A. Frisch
    • 2
  • David Charles Hawkins
    • 1
  • Joy Hackenbracht
    • 1
  • Kristen K. Greene
    • 3
  • Mary F. Theofanos
    • 3
  • Brian Griepentrog
    • 1
  1. 1.Fors Marsh GroupArlingtonUSA
  2. 2.University of South FloridaTampaUSA
  3. 3.National Institute of Standards and TechnologyGaithersburgUSA

Personalised recommendations