Jeff Yan, Alan Blackwell, Ross Anderson, and Alasdair GrantMANY THINGS ARE "WELL KNOWN" ABOUT PASSWORDS, such as the fact that people can't remember strong passwords and that the passwords they can remember are easy to guess. However, little research on the subject would pass muster by the standards of applied psychology.[1]
In the study presented here, we confirmed some widely held folk beliefs about passwords. However, we also observed a number of surprising phenomena that run counter to the established wisdom. Our study shows that the methods of applied psychology can bring new insights and solid results for security research and development. |