Title: Choosing passwords: security and human factors (record title: 选择密码:安全和人为因素)
Author: E. Gehringer
DOI: 10.1109/ISTAS.2002.1013839 (https://doi.org/10.1109/ISTAS.2002.1013839)
Venue: IEEE 2002 International Symposium on Technology and Society (ISTAS'02). Social Implications of Information and Communication Technology. Proceedings (Cat. No.02CH37293)
Publication date: 2002-08-07
Citation count (Semantic Scholar record): 115
Abstract: Password security is essential to the security of information systems. Human fallibility makes it nearly impossible to follow all of the recommended rules simultaneously. A user with many different, frequently changing passwords will be forced to write them down somewhere. Some systems constrain passwords to have a certain minimum length, or require them to contain a combination of letters and numbers. Some systems also impose maximum lengths, and some prohibit special characters. The lack of common standards for passwords makes it difficult for a user to remember which password is used for which system. To make matters worse, systems frequently revoke a user's access after a password has been incorrectly entered as few as three times. What is needed, then, is an analysis of passwords that takes both human factors and security into account. We must recognize that what really matters is the security of the total system, offline as well as online. This paper explores the tradeoffs that need to be made to achieve maximum security in everyday use by forgetful users.