“Ten strikes and you're out”: Increasing the number of login attempts can improve password usability.
Presented at: CHI 2003 Workshop on Human-Computer Interaction and Security Systems, Fort Lauderdale, Florida.
Available under License : See the attached licence file.
Many users today are struggling to manage an increasing number of passwords. As a consequence, many organizations face an increasing demand on an expensive resource – the system administrators or help desks. This paper suggests that re-considering the “3- strikes” policy commonly applied to password login systems would be an immediate way of reducing this demand. We analyzed 10 weeks worth of system logs from a sample of 386 users, whose login attempts were not restricted in the usual manner. During that period, only 10% of login attempts failed. We predict that requests for password reminders could be reduced by up to 44% by increasing the number of strikes from 3 to ten.
|Type:||Conference item (UNSPECIFIED)|
|Title:||“Ten strikes and you're out”: Increasing the number of login attempts can improve password usability|
|Event:||CHI 2003 Workshop on Human-Computer Interaction and Security Systems|
|Location:||Fort Lauderdale, Florida|
|Dates:||2003-04-05 - 2003-04-10|
|Open access status:||An open access version is available from UCL Discovery|
|Keywords:||Human-Computer Interaction, Security|
|UCL classification:||UCL > School of Life and Medical Sciences > Faculty of Brain Sciences > Psychology and Language Sciences (Division of) > UCL Interaction Centre
UCL > School of BEAMS > Faculty of Engineering Science > Computer Science
Archive Staff Only