Long Passphrases: Potentials and Limits
Christopher Bonk, Zach Parish, Julie Thorpe, Amirali Salehi-Abari

TL;DR
This paper investigates the potential of long passphrases as a secure and memorable alternative to passwords, analyzing user behavior and security implications through a 39-day study.
Contribution
It introduces policies and guidelines for creating long passphrases and evaluates their usability and security in a real-world user study.
Findings
Policies support reasonable usability.
Long passphrases can offer promising security.
Common pitfalls exist in free-form passphrase creation.
Abstract
Passphrases offer an alternative to traditional passwords which aim to be stronger and more memorable. However, users tend to choose short passphrases with predictable patterns that may reduce the security they offer. To explore the potential of long passphrases, we formulate a set of passphrase policies and guidelines aimed at supporting their creation and use. Through a 39-day user study we analyze the usability and security of passphrases generated using our policies and guidelines. Our analysis indicates these policies lead to reasonable usability and promising security for some use cases, and that there are some common pitfalls in free-form passphrase creation. Our results suggest that our policies can support the use of long passphrases.
