Although the use of multiple methods of user authentication for IT systems increases security, passwords are often the only credential required for access. Consequently, the challenge is to discover ways to improve password strength without impairing usability. Longer pass “phrases” have received increased attention as a solution to this challenge because they are potentially more resistant to attacks yet are easy to remember. Recent evidence, however, suggests that passphrases increase the likelihood of typographical errors, resulting in login failures and negative user perceptions. This paper presents experimental results that demonstrate that well-designed passphrases do not increase login failures and, thereby, generate positive user perceptions. Implications are drawn to help IT managers develop effective IT security policies in utilizing passphrases to improve authentication and to assist researchers in identifying avenues for future research.
Keith, Mark; Shao, Benjamin; and Steinbart, Paul
"A Behavioral Analysis of Passphrase Design and Effectiveness,"
Journal of the Association for Information Systems:
2, Article 2.
Available at: http://aisel.aisnet.org/jais/vol10/iss2/2