Human Generated Passwords – The Impacts of Password Requirements and Presentation Styles

  • Paul Y. LeeEmail author
  • Yee-Yin Choong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9190)


The generation stage of the user password management lifecycle is arguably the most important yet perilous step. Fulfilling minimum length and character type requirements while attempting to create something memorable can become an arduous task, leaving the users frustrated and confused. Our study focuses on two areas – password requirements and formatting – and examines the differences in user performance to understand the human password generation space. The results show a clear drop in performance when users generate passwords following a complex rule set as opposed to a simple rule set, with fewer passwords, more errors, and longer times for rule comprehension and password generation. Better formatted presentation helps reduce cognitive load in reading complex password rules and facilitates comprehension. Findings from this study will contribute to a better understanding of the user password generation stage and shed light on future development of password policies balancing security and usability.


Password generation Cyber security Password policy Usability 


  1. 1.
    Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the 16th International Conference on World Wide Web, pp. 657–666. ACM, New York (2007)Google Scholar
  2. 2.
    Proctor, R., Lien, M., Vu, K., Schultz, E., Salvendy, G.: Improving computer security for authentication of users: influence of proactive password restrictions. Behav. Res. Meth. Instrum. Comput. 33(2), 163–169 (2002)CrossRefGoogle Scholar
  3. 3.
    Vu, K., Proctor, R., Bhargavspantzel, A., Tai, B., Cook, J., Eugeneschultz, E.: Improving password security and memorability to protect personal and organizational information. Int. J. Hum. Comput. Stud. 65(8), 744–757 (2007)CrossRefGoogle Scholar
  4. 4.
    Weir, M., Aggarwal, S., Collins, M., Stern, H.: Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 162–175. ACM, New York (2010)Google Scholar
  5. 5.
    Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: Empirical results. IEEE Secur. Priv. Mag. 2(5), 25–31 (2004)CrossRefGoogle Scholar
  6. 6.
    Florencio, D., Herley, C., Oorschot, P.: An administrator’s guide to internet password research. In: 28th Large Installation System Administration Conference. Usenix, Washington (2014)Google Scholar
  7. 7.
    Roman, V.Y.: Analyzing user password selection behavior for reduction of pass-word space. In: Proceedings 2006 40th Annual IEEE International, pp. 109–115. IEEE, New Jersey (2006)Google Scholar
  8. 8.
    Jakobsson, M., Dhiman, M.: The benefits of understanding passwords. In: Proceedings of the 7th USENIX Workshop on Hot Topics in Security. Usenix, Washington (2012)Google Scholar
  9. 9.
    Grawemeyer, B., Johnson, H.: How secure is your password? towards modelling human password creation. In: Proceedings of the First Trust Economics Workshop, pp. 15–18 (2009)Google Scholar
  10. 10.
    Choong, Y.-Y.: A cognitive-behavioral framework of user password management lifecycle. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 127–137. Springer, Heidelberg (2014)Google Scholar
  11. 11.
    Jermyn, I., Mayer, A., Monrose, F., Reiter, M., Rubin, A.: The design and analysis of graphical passwords. In: 8th USENIX Security Symposium, pp 1–1 (1999)Google Scholar
  12. 12.
    Keith, M., Shao, B., Steinbart, P.: A behavioral analysis of passphrase design and effectiveness. J. Assoc. Inf. Syst. 10(2), 2 (2009)Google Scholar
  13. 13.
    Walker, R.C., Schloss, P., Vogel, C.A., Gordon, A.S., Fletcher, C.R., Walker, S.: Visual-syntactic text formatting: theoretical basis and empirical evidence for impact on human reading. In: Professional Communication Conference, pp 1–14 (2007)Google Scholar
  14. 14.
    Yu, C.-H., Miller, R.C.: Enhancing web page readability for non-native readers. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp 2523–2532 (2010)Google Scholar
  15. 15.
    Bourne, C., Ford, D.: A study of the statistics of letters in english words. Inf. Control 4(1), 48–67 (1961)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.National Institute of Standards and TechnologyGaithersburgUSA

Personalised recommendations