Usability-Aware Techniques to Enforce Password Policies in Online Services

D. Kulkarni (USA)


Passwords, Authentication, Usability


Creating an username and password is the first line of de fense in Web-based services. Though the process for spec ifying passwords has been around, not much has been done in implementing policies so that users can create a strong, yet easy-to-remember password. Users prefer simple pass words, but they are at risk of being guessed by password crackers. On the contrary, companies prefer a strong pass word policy so that their resources can be protected from unauthorized access. Usability and security become con flicting goals while implementing password policies, since there is a risk of losing customers if the process is too cum bersome. We propose a novel framework, called iPass, that takes multiple objectives into account, and is tunable to customer satisfaction. Our goal is to guide users in creating secure passwords, and users to update passwords based on password strength. Our approach emphasizes on ‘ed ucation’, ‘monitoring’, and ‘usability-aware’ enforcement of passwords. We also provide appropriate feedback, and acknowledge user efforts in creating passwords. We have also developed a technique that automatically suggests new passwords, and another that requires user participation to improve password strength. The prototype we have devel oped is simple and practical in addressing the problem.

Important Links:

Go Back