Measuring the usability and security of permuted passwords on mobile platforms /

Saved in:
Bibliographic Details
Author / Creator:Greene, Kristen K.
Imprint:Gaithersburg, MD : U.S. Dept. of Commerce, National Institute of Standards and Technology, 2016.
Description:1 online resource (65 pages) : illustrations (color).
Language:English
Series:NISTIR ; 8040
NISTIR ; 8040.
Subject:
Format: E-Resource U.S. Federal Government Document Book
URL for this record:http://pi.lib.uchicago.edu/1001/cat/bib/11862692
Hidden Bibliographic Details
Other authors / contributors:Franklin, Joshua M.
Greene, Kristen K.
Kelsey, John.
Information Technology Laboratory (National Institute of Standards and Technology)
Notes:April 2016.
Contributed record: Metadata reviewed, not verified. Some fields updated by batch processes.
Title from PDF title page (viewed April 30, 2016).
Includes bibliographical references.
Summary:Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics to passwords for which we already had usability data, in an effort to have a more meaningful comparison between usability and security. This document reports a method of optimizing the input of randomly generated passwords on mobile devices via password permutation to allow for a comparison of password usability data. We found that the number of keystrokes saved the efficiency gained via permutation depends on the number of onscreen keyboard changes required in the original password rather than on password length. Additionally, we created and are releasing Python scripts (publicly available from https://github.com/usnistgov/PasswordMetrics) for the experiments on entropy loss we conducted across passwords ranging in length from 5 to 20 characters.
Standard no.:GOVPUB-C13-8062767e03ba2467301fe5b36548a003
GPO item no.:0247-D (online)
Govt.docs classification:C 13.58:8040

MARC

LEADER 00000nam a2200000Ii 4500
001 11862692
005 20160926090653.0
006 m d f
007 cr cn|||||||||
008 160921s2016 mdua ot f000 0 eng d
003 ICU
024 8 |a GOVPUB-C13-8062767e03ba2467301fe5b36548a003 
035 |a (OCoLC)958885806 
040 |a NBS  |b eng  |e pn  |e rda  |c NBS  |d GPO  |d NBS  |d MvI 
074 |a 0247-D (online) 
086 0 |a C 13.58:8040 
100 1 |a Greene, Kristen K. 
245 1 0 |a Measuring the usability and security of permuted passwords on mobile platforms /  |c Kristen K. Greene; John Kelsey; Joshua M. Franklin. 
264 1 |a Gaithersburg, MD :  |b U.S. Dept. of Commerce, National Institute of Standards and Technology,  |c 2016. 
300 |a 1 online resource (65 pages) :  |b illustrations (color). 
336 |a text  |2 rdacontent  |0 http://id.loc.gov/vocabulary/contentTypes/txt 
337 |a computer  |2 rdamedia  |0 http://id.loc.gov/vocabulary/mediaTypes/c 
338 |a online resource  |2 rdacarrier  |0 http://id.loc.gov/vocabulary/carriers/cr 
490 1 |a NISTIR ;  |v 8040 
500 |a April 2016. 
500 |a Contributed record: Metadata reviewed, not verified. Some fields updated by batch processes. 
500 |a Title from PDF title page (viewed April 30, 2016). 
504 |a Includes bibliographical references. 
520 3 |a Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics to passwords for which we already had usability data, in an effort to have a more meaningful comparison between usability and security. This document reports a method of optimizing the input of randomly generated passwords on mobile devices via password permutation to allow for a comparison of password usability data. We found that the number of keystrokes saved the efficiency gained via permutation depends on the number of onscreen keyboard changes required in the original password rather than on password length. Additionally, we created and are releasing Python scripts (publicly available from https://github.com/usnistgov/PasswordMetrics) for the experiments on entropy loss we conducted across passwords ranging in length from 5 to 20 characters. 
650 0 |a Computers  |x Access control  |x Passwords.  |0 http://id.loc.gov/authorities/subjects/sh85029555 
650 0 |a Mobile communication systems.  |0 http://id.loc.gov/authorities/subjects/sh85086371 
700 1 |a Franklin, Joshua M. 
700 1 |a Greene, Kristen K. 
700 1 |a Kelsey, John.  |0 http://id.loc.gov/authorities/names/n2014038767 
710 2 |a Information Technology Laboratory (National Institute of Standards and Technology)  |0 http://id.loc.gov/authorities/names/no97056762 
830 0 |a NISTIR ;  |v 8040.  |0 http://id.loc.gov/authorities/names/n88507971 
856 4 0 |u https://purl.fdlp.gov/GPO/gpo99830  |y Government Publishing Office 
903 |a HeVa 
929 |a eresource 
999 f f |i 6d235be1-6043-580e-91b4-f8092779a4c2  |s 9b9b91e9-aafd-507c-a527-8fa29259480d 
928 |t Library of Congress classification  |l Online  |c UC-FullText  |u https://purl.fdlp.gov/GPO/gpo99830  |z Government Publishing Office  |g ebooks  |i 11321739