Optiwords: A new password policy for creating memorable and strong passwords

摘要

User-generated textual passwords suffer from the conflict between security and usability. System administrators usually adopt password composition policies to help users choose strong passwords. However, users often use predictable patterns to meet the strict password composition policies and to make passwords easy to remember, which in turn reduces the password strength, or write the password down, which may cause the password to be compromised. To overcome the user-generated password security and usability dilemma, we propose Optiwords, which is a new textual-password creation policy that is based on picture superiority effect, which provides users with a direct "drawing-to-text" method for creating user-friendly passwords. Optiwords helps users design separate line drawings on the keyboard as a "password figure" and choose the characters on the lines of the drawings in a certain sequence as the final textual password. A two-part user study with 127 participants was conducted to compare the usability and security of Optiwords with other three popular password policies. The results showed that there was no statistically significant difference compared Optiwords with Basic8 or 3class8 in memorability. The password strength of Optiwords outperformed Basic8 and 3class8. Compared with Random8, Optiwords had a great advantage in usability. (C) 2019 Elsevier Ltd. All rights reserved.