[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Password Difficulties

To: Derek Atkins <[email protected]>
Subject: Re: Password Difficulties
From: [email protected]
Date: Sun, 03 Jul 94 19:47:09 EDT
Cc: Sandy Sandfort <[email protected]>, Alan Barrett <[email protected]>, [email protected]
Sender: [email protected]

	 I'm not a touch typist (although I am also not quite a hunt-and-peck
	 typist, either).  And using only about 6 fingers (well, I am counting
	 both thumbs in this count, and sometimes I use my other fingers as
	 well) I have no problems typing in my long (40-50 char) pass phrase!

	 However, I am a computer geek (well, I prefer to be known as a nerd,
	 but I have Nerd Pride, so... ;-) Anyways, I have a feeling that
	 Steve's testing was done with non-computer-geek-type people.  I.e.,
	 secretaries, managers, and high-up muckety-mucks.  Is this true,
	 Steve?  What was your sample space in your research?

My tests were informal.  The target was mostly taken from the sci.crypt
readership -- I don't deal much with management...

The initial tests were on passphrases of lengths from 12 to 20, as I
recall.  The phrases were created by chosing random words from
/usr/dict/words -- and the resulting pass-phrases were exceedingly
weird, which may have contributed to folks difficulty in typing them.
Not that the scores were bad, but they weren't great.

Access was by telnetting to a special port (or was it a special login?
I forget).  All and sundry are welcome to participate.

Anyway, I never had a chance to follow up, since I was distracted by
the book I was writing.  That's done, and I'm getting back to research
(though I'm thinking of starting another book this fall...).  Rerunning
the experiment, using longer passphrases, is high on my list; there's
some chance I'll be getting to it this summer, along with a student
who's working for me.  (We're currently working on another project of
interest to this audience; the paper will be available for ftp when
it's ready, though that's still a couple of months off.)

			--Steve Bellovin

P.S.  For the record -- I've been a touch typist for >30 years, as
appalling as that number sounds.  And secretaries are likely to be
*better* typists, not worse.  My concern for folks typing ability
was just that:  concern.  We don't *know*.  We do know that lots of
folks aggressively pick bad passwords; it isn't at all clear to me
if the problem is typing, memory, or both.  Passphrases will tend
to exacerbate both problems.

Follow-Ups:
- Re: Password Difficulties
  - From: joshua geller <[email protected]>
- Re: Password Difficulties
  - From: Roger Bryner <[email protected]>

Prev by Date: (None)
Next by Date: Re: PC Expo summary!!
Prev by thread: Visual Passphrases
Next by thread: Re: Password Difficulties
Index(es):
- Date
- Thread