Elsevier

Computers & Security

Volume 1, Issue 1, January 1982, Pages 54-56

A password extension for improved human factors

https://doi.org/10.1016/0167-4048(82)90025-6

Abstract

To maximize both the difficulty of guessing passwords and also the ease of remembering passwords, we use a fairly large keyspace (64 bits) and a very long “passphrase” (up to 80 characters). The phrase is hashed into the key, which is then stored in encrypted form. The hashing necessarily includes one-way encryption. Since the phrase is long, one would expect a large keyspace for the actual phrase as well as for the hashed phrase. Since the phrase is meaningful to the owner it should be easier to remember.
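The flow the abstract describes (a phrase of up to 80 characters hashed one-way into a 64-bit key that is what gets stored), as an added example that is not code from the paper. PBKDF2-HMAC-SHA256, the salt, the iteration count and all function names are assumptions standing in for the paper's hashing method, which this page does not give; encrypting the stored record is left out.

```python
import hashlib
import hmac
import math
import os
import unicodedata

MAX_PHRASE_CHARS = 80   # upper bound on phrase length, from the abstract
KEY_BYTES = 8           # 64-bit key, from the abstract
ITERATIONS = 100_000    # assumed work factor, not from the paper


def _normalize(phrase: str) -> bytes:
    """Canonicalize so the same phrase always hashes to the same key."""
    phrase = unicodedata.normalize("NFKC", phrase)
    phrase = " ".join(phrase.split())  # collapse runs of whitespace
    if not phrase or len(phrase) > MAX_PHRASE_CHARS:
        raise ValueError("passphrase must be 1..80 characters")
    return phrase.encode("utf-8")


def derive_key(phrase: str, salt: bytes) -> bytes:
    """One-way hash of the phrase into a 64-bit key (PBKDF2 as a stand-in)."""
    return hashlib.pbkdf2_hmac("sha256", _normalize(phrase), salt,
                               ITERATIONS, dklen=KEY_BYTES)


def enroll(phrase: str) -> tuple[bytes, bytes]:
    """Return the (salt, key) record to store; the phrase itself is never kept."""
    salt = os.urandom(16)
    return salt, derive_key(phrase, salt)


def verify(phrase: str, salt: bytes, stored_key: bytes) -> bool:
    """Re-derive the key and compare in constant time."""
    try:
        candidate = derive_key(phrase, salt)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, stored_key)


def effective_bits(n_words: int, wordlist_size: int) -> float:
    """Upper bound on guessing strength, assuming words are picked uniformly
    at random from the list; the 64-bit key caps whatever the phrase provides."""
    return float(min(KEY_BYTES * 8, n_words * math.log2(wordlist_size)))
```

With a 2048-word list (a constructed figure), four random words give 44 bits, while eight words would give 88 bits of phrase entropy but only 64 bits survive the hash.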


Cited by (50)

  • Lossless fuzzy extractor enabled secure authentication using low entropy noisy sources

    2021, Journal of Information Security and Applications
    Citation Excerpt :

    For example, biometrics (i.e., human iris and fingerprint) may be used for personal recognition or identification purposes. Similarly, long passphrase [3], for example, answer of several questions for secure access [4] or personal entropy system [5], a list of favorite movies [6], are non-uniformly distributed random strings that can be used for secrets. The availability of non-uniform information compelled the usage of non-uniform materials to generate uniform random string.

  • Shoulder surfing: From an experimental study to a comparative framework

    2019, International Journal of Human Computer Studies
    Citation Excerpt :

    The main idea behind using words as the building blocks of a password is that they can represent concepts that can be easily remembered. In that regard, association lists can be considered a graphical alternative to textual passwords that were created using cognitive approaches, such as passphrases (Keith et al., 2007; Porter, 1982), cognitive passwords, associative passwords, or the PsychoPass method (Cipresso et al., 2012), to name a few. Studies have shown that associative elements have positive effects on password memorability (Bower, 1970; Keith et al., 2007), which inspired association lists.

  • Hierarchy of users' web passwords: Perceptions, practices and susceptibilities

    2014, International Journal of Human Computer Studies
    Citation Excerpt :

    While we agree with this notion, we find that users exhibit both partial and complete password reuse between less and more important accounts, creating a serious increased risk for the user. Some security experts advocate the use of longer passphrases consisting of multiple words (Porter, 1982). The purported advantages of passphrases are twofold: resistance against brute-force attacks and increased memorability.

  • Traditional Authentication

    2024, SpringerBriefs in Computer Science
  • Authentibility Pass: An Accessible Authentication Gateway for People with Reduced Abilities

    2023, Proceedings - 2023 IEEE International Conference on e-Business Engineering, ICEBE 2023
  • Empowering Users: Leveraging Interface Cues to Enhance Password Security

    2023, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Sigmund N. Porter is a Senior Consultant with NCR Corporation, Systems Engineering — Scripps Ranch in San Diego, California, where he is currently leader of advanced development activities on the management of cryptographic keys and identity authentication. He holds patents in signal generation, cryogenic circuits, virtual memory and account number validation. His work covers a broad range of activities, including the development of a true random number generator, human factors standards, statistical formulae for availability calculations, special purpose operating systems and other computing areas.

Mr. Porter is a member of the Security and Privacy as well as the Western Area Committees of the IEEE Computer Society and is at present Treasurer of the Association for Computing Machinery's Special Interest Group on Security, Audit and Control (ACM/SIGSAC).
