Towards the Development and Assessment of a Method for Educating Users into Choosing Complex, Memorable Passphrases

Abstract

The currently most used method for authentication is the password because it is simple to implement, and computer users are very familiarized with it. However, passwords are vulnerable to attacks that can be mitigated by increasing the complexity of the chosen password, particularly in terms of length. One possible approach to accomplish this is through the usage of passphrases, which can be easier to remember than a standard password, thus reducing the loss of work time and productivity related to forgotten passwords. To achieve the required balance between complexity and memorability, the concept of passphrase categories can be used, i.e. more sensitive accounts or services should have more complex passphrases, and vice versa. This work-in-progress study proposes to develop and assess a method for educating users into creating complex, yet easy to remember passphrases, according to the category of account or service they want to protect. The work-in-progress study will be developed in three phases, including validation of the method by a panel of subject matter experts, a pilot test, and a main data collection and analysis phase