"Development of the Passphrase Alleviating Abstraction, Remembering, an" by Juan Manuel Madrid
 

CCE Theses and Dissertations

Date of Award

2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy Cybersecurity Management

Department

College of Computing and Engineering

Advisor

Yair Levy

Committee Member

Laurie Dringus

Committee Member

Ling Wang

Keywords

Cognitive load theory, Cybersecurity education training and awareness, Passphrases, Password complexity, Password memorability

Abstract

The password is currently the most used method for computer authentication because it is simple to implement and users are familiar with it. However, passwords are vulnerable to attacks that can be mitigated by increasing the complexity of the chosen password, particularly in length. One possible approach to increasing the complexity of passwords is to use passphrases. Passphrases can be easier to remember than a standard password, improving memorability. They can reduce the loss of work time and productivity related to forgotten passwords. To achieve the required balance between complexity and memorability, the concept of passphrase categories can be applied, meaning more sensitive accounts or services should have more complex passphrases, and vice versa. This study designed, developed, and empirically tested the Passphrase Alleviating Abstraction, Remembering, and Strength (PALAbRaS) method for educating users to create complex, yet easy-to-remember passphrases, according to the category of account or service they want to protect. This study was developed in three phases. The first phase involved the participation of a group of 37 Subject Matter Experts (SMEs) who provided feedback on the passphrase complexity/memorability constructs, the account/service categories, the passphrase levels related to the account/service categories, and the best way to deliver the proposed method to users. The second phase included the development of the data collection platform, the development of educational materials, and a pilot test of the experiment setup involving ten participants. The third phase included the main data collection and analysis, involving the participation of 68 student volunteers at a university in Cali, Colombia. Participants were split into three groups of similar size: a control group and two groups that received short and long awareness sessions about the method.
The results of the study indicate that (1) persons instructed in the method created more complex passphrases, (2) the method has little effect on the memorability of the passphrases, (3) persons instructed in the method create passphrases that are adequate for the category of the account or service they wish to protect, (4) the short awareness session had a slightly higher impact on users than the long awareness session, (5) data failed to show effects of mean passphrase complexity, passphrase memorability, or matching of passphrase levels to account categories when controlling for participants' age, gender, or computer experience, and (6) the PALAbRaS method was deemed usable and favorable by participants.
