UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

“Ten strikes and you're out”: Increasing the number of login attempts can improve password usability

Brostoff, S; Sasse, MA; (2003) “Ten strikes and you're out”: Increasing the number of login attempts can improve password usability. Presented at: CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Fort Lauderdale, Florida. Green open access

[img]
Preview
PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
233Kb

Abstract

Many users today are struggling to manage an increasing number of passwords. As a consequence, many organizations face an increasing demand on an expensive resource – the system administrators or help desks. This paper suggests that re-considering the “3- strikes” policy commonly applied to password login systems would be an immediate way of reducing this demand. We analyzed 10 weeks worth of system logs from a sample of 386 users, whose login attempts were not restricted in the usual manner. During that period, only 10% of login attempts failed. We predict that requests for password reminders could be reduced by up to 44% by increasing the number of strikes from 3 to ten.

Type:Conference item (UNSPECIFIED)
Title:“Ten strikes and you're out”: Increasing the number of login attempts can improve password usability
Event:CHI 2003 Workshop on Human-Computer Interaction and Security Systems
Location:Fort Lauderdale, Florida
Dates:2003-04-05 - 2003-04-10
Open access status:An open access version is available from UCL Discovery
Publisher version:http://www.andrewpatrick.ca/CHI2003/HCISEC/
Language:English
Keywords:Human-Computer Interaction, Security
UCL classification:UCL > School of Life and Medical Sciences > Faculty of Brain Sciences > Psychology and Language Sciences (Division of) > UCL Interaction Centre
UCL > School of BEAMS > Faculty of Engineering Science > Computer Science

View download statistics for this item

Archive Staff Only: edit this record