ABSTRACT


Despite being aware of the security risk, most of the users tend to create weak passwords. In this situation, the users unintentionally prefer memorability over security. This research work addresses some security and memorability issues of textual passwords and proposes solutions to them. In first level of work we studied passwords habits of ordinary users and found surprising number of users re-used their passwords and majority used lowercase letters and dictionary words to form their passwords with small length. Th is study reveals the weaknesses of textual passwords chosen by users. I n our second level of work we proposed an authentication scheme "Pick Secret Pattern (PSP)" which used patterns to construct a textual password. The scheme could produce strong passwords with easy patterns to remember. The password data showed that users created stronger passwords with increased length. Although fewer number of users misused the scheme for creating smaller passwords which used dictionary words and names.

The third stage of the work was to test users for memorability of the pattern-based passwords. We implemented the pattern-based method of creating passwords and conducted a memorability study to test its effectiveness. The results showed that majority of the users could remember the patterns easily on next day, third day and a week after registration. During the study of textual passwords, the users showed their great interest towards the problem and suggested that PSP might be useful in web based and desktop applications. The results of this study demonstrate that the PSP can be implemented into web and desktop applications to help users memorize strong passwords.