Forgot your password?

Back to login

Passphrases make online experience secure, user-friendly
August 19, 2018, 11:30 am

Although passphrases, or phrase-based passwords, have been found to be more secure than traditional passwords, human-factor issues such as typographical errors and memorability have slowed their wider adoption.

Researchers are now testing two new passphrase systems which seek to address these shortcomings and improve the usability and security of existing passphrase authentication systems.

The first passphrase system incorporates a specialized wordlist using simple, common words; a six-word sentence structure that made meaningful sense; and a user-created mnemonic picture to assist with recall. The final result would be a passphrase such as "silly pet wolf ate our pizzas," with an accompanying user-generated illustration. The second passphrase system replaced the six-word sentence structure with four words randomly drawn from a customized 1,450-word list.

The researchers assessed the usability of their systems against two existing passphrase systems: a user-generated passphrase containing at least 24 characters, and a system-generated passphrase using words randomly drawn from a list of 10,000. To gauge the success of their new systems, the authors asked 50 adult participants to create, in five minutes, a passphrase and any applicable mnemonic — without writing down what they created. The participants completed two recall sessions, one immediately following the creation of the four passphrases and one 7 to 11 days later.

The researchers found that memorability was greatly improved under their new systems compared with the existing ones: Second-session recall success rates in this study were 82 percent for the six-word sentence and 80 percent for the customized word list, versus only 50 percent for the user-generated passphrase and 34 percent for the passphrase created using the 10,000-word list. Given that study participants were instructed not to write down or practice their passphrases, the researchers note that in real-world settings, the success rates for their new systems would likely increase.

Passphrases are more secure than passwords and avoid the various issues with biometric systems like fingerprint or facial recognition. It is inevitable that we will eventually need to move past traditional passwords, but it is nothing to fear. Instead of asking users to juggle both usability and security, which is complicated, let us provide secure passphrases and allow users to do what they do best: make things easier for themselves. By truly understanding how users think, we can design systems that keep them secure while also being easy to use.

Share your views

"It is hard to fail, but it is worse never to have tried to succeed."

"Envy comes from wanting something that isn't yours. But grief comes from losing something you've already had."

Photo Gallery