There is no more common security technology in use today than that of the ubiquitous user name and password. Easy to understand and implement, passwords play a critical functional role in online society as the secrets that bind real people to their digital information and personas. They require no more of their users than to simply remember them. Unfortunately, they are flawed in both nature and execution—as the simplest form of secret, they are easily given away and reused by attackers. As such, they and other similar forms of “secret” information such as social security numbers are subject to increasingly sophisticated “phishing” attacks, which attempt to trick users into revealing them. They are also deployed in a fashion that overtaxes users’ abilities to manage them securely and effectively. A number of studies have demonstrated clearly what most password users (i.e., all of us) know by experience: people don’t know how to pick good passwords and are asked to remember far too many of them or change them far too often, resulting in poor password choice and passwords being written down or shared (Adams and Sasse, 1999).
Standard password policies are striking in how effectively they minimize usability. Even simple changes in typical password policies can demonstrably increase usability without decreasing security, for example, not requiring password change or increasing the number of password input errors allowed without requiring administrator intervention (e.g., from 3 to 10) (Brostoff and Sasse, 2003).
Unfortunately, the increasing body of research on both traditional text passwords and various forms of new graphical passwords appears to be moving inexorably to the conclusion that passwords in any form cannot be used securely in their “naked” form (i.e., based only on what a user is able to remember on his own) without technological support. Most interestingly, it seems the very universality of passwords is also their downfall. For example, studies suggested that a simple technique for constructing passwords through mnemonic phrases could result in passwords that were as difficult to guess as randomly generated passwords, while at the same time being easy to remember (Yan et al., 2005). Unfortunately, it turns out that in practice most of us pick the same mnemonic phrases from which to generate our passwords, making these hard passwords vulnerable to simple dictionary attacks (Kuo et al., 2006).
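The weakness of mnemonic passwords built from shared phrases can be screened for when a password is set. The following Python sketch is an added example, not code from the studies cited; it assumes the mnemonic is formed from the first letter of each word, and the phrase list, the symbol substitutions, and all function names are constructed for illustration.

```python
import re
from typing import Optional

# Constructed sample; a deployment would load a large corpus of lyrics,
# quotations, slogans and similar widely known text (assumption).
COMMON_PHRASES = [
    "To be or not to be, that is the question",
    "Four score and seven years ago our fathers brought forth",
    "Twinkle twinkle little star, how I wonder what you are",
]

# Digits and symbols that users substitute for whole words, mapped back to
# that word's initial letter (assumed list): 2=to/two, 4=for/four, &=and, @=at.
WORD_SYMBOLS = str.maketrans("0123456789&@", "zottffssenaa")
MIN_LEN = 6  # shorter initial-strings would match many unrelated passwords

def initials(phrase: str) -> str:
    """First letter of every word, lowercased: the basic mnemonic password."""
    return "".join(w[0] for w in re.findall(r"[a-z][a-z']*", phrase.lower()))

def canonical(password: str) -> str:
    """Undo case changes, word-symbol substitutions and punctuation."""
    mapped = password.lower().translate(WORD_SYMBOLS)
    return re.sub(r"[^a-z]", "", mapped)

def build_index(phrases):
    """Map every prefix (>= MIN_LEN) of each phrase's initials to the phrase."""
    index = {}
    for phrase in phrases:
        letters = initials(phrase)
        for end in range(MIN_LEN, len(letters) + 1):
            index.setdefault(letters[:end], phrase)
    return index

def matching_phrase(password: str, index) -> Optional[str]:
    """Return the known phrase a candidate password derives from, if any."""
    canon = canonical(password)
    # Longest keys first, so the most specific match is the one reported.
    for key in sorted(index, key=len, reverse=True):
        if key in canon:
            return index[key]
    return None

INDEX = build_index(COMMON_PHRASES)
```

A password-change form would call `matching_phrase(candidate, INDEX)` and ask for a different choice whenever it returns a phrase; substring matching means appended digits or punctuation do not hide the derivation.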
Because of their strong appeal, more design activity is going into attempts to improve the security and usability of passwords—with mixed results. Mutual authentication systems, such as SiteKey™, attempt to reduce the risk that users will reveal passwords to websites other than the ones they intend by providing a supposedly user-friendly image-based method for users to authenticate the website