User-centric adaptive password policies to combat password fatigue

Y. Al-Slais, W. El-Medany
{"title":"User-centric adaptive password policies to combat password fatigue","authors":"Y. Al-Slais, W. El-Medany","doi":"10.34028/iajit/19/1/7","DOIUrl":null,"url":null,"abstract":"Today, online users will have an average of 25 password-protected accounts online, yet use, on average, 6.5 passwords. The excessive cognitive burden of remembering large amounts of passwords causes Password Fatigue. Therefore users tend to reuse passwords or recycle password patterns whenever prompted to change their passwords regularly. Researchers have created Adaptive Password Policies to prevent users from creating new passwords similar to previously created ones. However, this approach creates user frustration as it neglects users’ cognitive burden. This paper proposes a novel User-Centric Adaptive Password Policy (UCAPP) Framework for password creation and management that assigns users system-generated passwords based on a cognitive-behavioural agent-based model. The framework comprises a Password Policy Assignment Test (PassPAST), a Cognitive Burden Scale (CBS), a User Profiling Algorithm, and a Password Generator (PassGEN). The framework creates tailor-made password policies that maintain password memorability for users of different cognitive thresholds without sacrificing password strength and entropy. The framework successfully created 30-40% stronger passwords for Critical users and random (non-mnemonic) passwords for Typical users based on each individual’s cognitive password thresholds in a preliminary test.","PeriodicalId":13624,"journal":{"name":"Int. Arab J. Inf. Technol.","volume":"8 1 1","pages":"55-62"},"PeriodicalIF":0.0000,"publicationDate":"2022-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Int. Arab J. Inf. Technol.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.34028/iajit/19/1/7","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4

Abstract

Today, online users will have an average of 25 password-protected accounts online, yet use, on average, 6.5 passwords. The excessive cognitive burden of remembering large amounts of passwords causes Password Fatigue. Therefore users tend to reuse passwords or recycle password patterns whenever prompted to change their passwords regularly. Researchers have created Adaptive Password Policies to prevent users from creating new passwords similar to previously created ones. However, this approach creates user frustration as it neglects users’ cognitive burden. This paper proposes a novel User-Centric Adaptive Password Policy (UCAPP) Framework for password creation and management that assigns users system-generated passwords based on a cognitive-behavioural agent-based model. The framework comprises a Password Policy Assignment Test (PassPAST), a Cognitive Burden Scale (CBS), a User Profiling Algorithm, and a Password Generator (PassGEN). The framework creates tailor-made password policies that maintain password memorability for users of different cognitive thresholds without sacrificing password strength and entropy. The framework successfully created 30-40% stronger passwords for Critical users and random (non-mnemonic) passwords for Typical users based on each individual’s cognitive password thresholds in a preliminary test.
以用户为中心的自适应密码策略,以对抗密码疲劳
如今,在线用户平均拥有25个受密码保护的在线账户,但平均使用6.5个密码。记忆大量密码的过度认知负担会导致“密码疲劳”。因此,每当提示用户定期更改密码时,用户往往会重复使用密码或重复使用密码模式。研究人员创建了自适应密码策略,以防止用户创建与以前创建的密码相似的新密码。然而,这种方法忽略了用户的认知负担,从而造成了用户的挫败感。本文提出了一种新的以用户为中心的自适应密码策略(UCAPP)框架,用于密码创建和管理,该框架基于认知行为智能体模型为用户分配系统生成的密码。该框架包括密码策略分配测试(passspast)、认知负担量表(CBS)、用户分析算法和密码生成器(PassGEN)。该框架创建量身定制的密码策略,在不牺牲密码强度和熵的情况下,为不同认知阈值的用户保持密码可记忆性。在初步测试中,该框架成功地为关键用户创建了30-40%的强密码,并根据每个人的认知密码阈值为典型用户创建了随机(非助记)密码。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信