期刊名称:Journal of Theoretical and Applied Information Technology
印刷版ISSN:1992-8645
电子版ISSN:1817-3195
出版年度:2014
卷号:66
期号:3
出版社:Journal of Theoretical and Applied
摘要:User authentication can be defined as the process of proving the user�s identity. Three typical categories of user authentication are based on users� knowledge (i.e. PIN and Passwords), users� possession (i.e. Smart Card and Token) and users� characteristics (i.e. Iris and typing pattern). This paper presents an extensive review related to password-based authentication and then reports the latest experimental study conducted to evaluate the password practices among students within the authors� institution. Participants within the study were given a scenario where their accounts were hacked and straightforwardly, they were asked to create new passwords according to three conditions; namely C1 (i.e. having at least one upper, lower, number and special character), C2 (i.e. contains at least three words) and C3 (i.e. combination of C1 and C2 respectively). After a week time, they were again invited to participate by writing down their passwords to investigate memorability. Overall, the study managed to recruit 380 students, having a total of 1140 passwords. From the analysis covering password memorability, password creation and password perception, it could be reported that the three tested conditions have both positive and negative outcomes, thus authors suggest that �a second look� should be considered if these conditions to be implemented in real setting.
