{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,21]],"date-time":"2025-10-21T15:13:36Z","timestamp":1761059616843,"version":"3.41.2"},"reference-count":28,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2013,11,25]],"date-time":"2013-11-25T00:00:00Z","timestamp":1385337600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,11,25]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 Text-based passwords created by users are typically weak. A common mitigation is to provide meaningful feedback to users regarding the relative strength of their newly created password. However, the effects of these feedback mechanisms on users to create stronger passwords have not been well studied. This study examined four different types of password feedback mechanisms to determine which, if any, are the most effective. The paper aims to discuss these issues. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 Undergraduate student volunteers created four different passwords and then entered the passwords into four different online password feedback mechanisms. Participants were then asked whether the feedback persuaded them to change their original password. <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 In all cases, the feedback mechanisms significantly influenced users with lower password entropy to choose a more secure password. The password feedback mechanism that was most effective was the feedback of the estimated amount of time to break the password. <\/jats:p>\n <\/jats:sec>\n \n Research limitations\/implications<\/jats:title>\n \u2013 Undergraduate students in an academic environment were the participants, which may limit external validity. <\/jats:p>\n <\/jats:sec>\n \n Practical implications<\/jats:title>\n \u2013 The implications are for designers of web sites and other applications that require users to create a text-based password: any feedback mechanism can influence users to create passwords with higher entropy, yet those that indicate the length of time it would take to crack the password are most effective. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 There are a wide variety of password feedback mechanisms in use. However, their effects on influencing users to create stronger passwords have not been well studied.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/imcs-12-2012-0072","type":"journal-article","created":{"date-parts":[[2013,10,24]],"date-time":"2013-10-24T04:56:39Z","timestamp":1382590599000},"page":"344-359","source":"Crossref","is-referenced-by-count":14,"title":["A comparison of password feedback mechanisms and their impact on password entropy"],"prefix":"10.1108","volume":"21","author":[{"given":"Mark","family":"Ciampa","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022012919481293300_b3","doi-asserted-by":"crossref","unstructured":"Brostoff, S.\n and \n Sasse, A.\n (2000), \u201cAre passfaces more usable than passwords? A field trial investigation\u201d, Proceedings of Human-Computer Interaction Resource Network 2000, HCI, San Diego, CA, pp. 1-20.","DOI":"10.1007\/978-1-4471-0515-2_27"},{"key":"key2022012919481293300_b4","doi-asserted-by":"crossref","unstructured":"Brown, A.\n , \n Bracken, E.\n , \n Zolccoli, S.\n and \n Douglas, K.\n (2004), \u201cGenerating and remembering passwords\u201d, Applied Cognitive Psychology, Vol. 18 No. 6, pp. 641-651.","DOI":"10.1002\/acp.1014"},{"key":"key2022012919481293300_b5","doi-asserted-by":"crossref","unstructured":"Bunnel, J.\n , \n Podd, J.\n , \n Henderson, R.\n , \n Napier, R.\n and \n Kennedy-Moffat, J.\n (1997), \u201cCognitive, associative and conventional passwords: recall and guessing rates\u201d, Computers and Security, Vol. 16 No. 7, pp. 641-657.","DOI":"10.1016\/S0167-4048(97)00008-4"},{"key":"key2022012919481293300_b6","unstructured":"Burnett, M.\n and \n Kleinman, D.\n (2006), Perfect Passwords: Selection, Protection, Authentication, Syngress, Burlington, MA."},{"key":"key2022012919481293300_b7","unstructured":"Burr, W.\n , \n Dodson, D.\n , \n Newton, E.\n , \n Perlner, R.\n , \n Polk, W.\n , \n Gupta, S.\n and \n Nabbus, E.\n (2011), Computer Security Division: Computer Security Resource Center, National Institute of Standards and Technology, available at: http:\/\/csrc.nist.gov\/publications\/nistpubs\/800-63-1\/SP-800-63-1.pdf (accessed December 29, 2012)."},{"key":"key2022012919481293300_b8","doi-asserted-by":"crossref","unstructured":"Charoen, D.\n , \n Raman, M.\n and \n Olfamn, L.\n (2008), \u201cImproving end user behaviour in password utilization: an action research initiative\u201d, Systemic Practice and Action Research, Vol. 21 No. 1, pp. 55-72.","DOI":"10.1007\/s11213-007-9082-4"},{"key":"key2022012919481293300_b2","unstructured":"DataGenetics\n (2012), \u201cPIN analysis\u201d, available at: http:\/\/datagenetics.com\/blog\/september32012\/index.html (accessed September 28, 2012)."},{"key":"key2022012919481293300_b9","doi-asserted-by":"crossref","unstructured":"Gaw, S.\n and \n Felten, E.\n (2006), \u201cPassword management strategies for online accounts\u201d, Symposium on Usable Privacy and Security, Association for Computing Machinery, Pittsburgh, PA, pp. 44-55.","DOI":"10.1145\/1143120.1143127"},{"key":"key2022012919481293300_b10","unstructured":"Goodin, D.\n (2012), \u201cLike passwords had never been weaker \u2013 and crackers have never been stronger\u201d, Arts Technica, available at: http:\/\/arstechnica.com\/security\/2012\/08\/passwords-under-assault\/2\/ (accessed August 25, 2012)."},{"key":"key2022012919481293300_b11","unstructured":"Gosney, J.\n (2012), Password Cracking HPC, Passwords\u222712, Forum for Research and Innovation in Security and Communications, Oslo, available at: http:\/\/passwords12.at.ifi.uio.no\/."},{"key":"key2022012919481293300_b12","doi-asserted-by":"crossref","unstructured":"Hellman, M.\n (1980), \u201cA cryptoanalytic time-memory trade-off\u201d, IEEE Transactions on Information Theory, Vol. 26 No. 4, pp. 401-406.","DOI":"10.1109\/TIT.1980.1056220"},{"key":"key2022012919481293300_b1","unstructured":"Imperva\n (2010), \u201cConsumer password worst practices\u201d, available at: www.imperva.com\/lg\/lgw.asp?pid=379 (accessed November 6, 2012)."},{"key":"key2022012919481293300_b13","doi-asserted-by":"crossref","unstructured":"Kruger, H.\n , \n Steyn, T.\n , \n Medlin, B.\n and \n Drevin, L.\n (2008), \u201cAn empirical assessment of factors impeding effective password management\u201d, Journal of Information Privacy and Security, Vol. 4 No. 4, pp. 45-59.","DOI":"10.1080\/2333696X.2008.10855851"},{"key":"key2022012919481293300_b14","doi-asserted-by":"crossref","unstructured":"Kulkarni, D.\n (2010), \u201cA novel web-based approach for balancing usability and security requirements of text passwords\u201d, International Journal of Network Security and Its Applications, Vol. 2 No. 3, pp. 1-16.","DOI":"10.5121\/ijnsa.2010.2301"},{"key":"key2022012919481293300_b15","unstructured":"Lystad, T.A.\n (2012), \u201cThe password project\u201d, July 13, available at: http:\/\/thepasswordproject.com\/main_page (accessed November 6, 2012)."},{"key":"key2022012919481293300_b16","unstructured":"Mask Attack\n (2012), \u201cHahscat advanced password recovery\u201d, available at: http:\/\/hashcat.net\/wiki\/doku.php?id=mask_attack (accessed November 8, 2012)."},{"key":"key2022012919481293300_b17","doi-asserted-by":"crossref","unstructured":"Miller, G.\n (1956), \u201cThe magical number seven, plus or minus two: some limits on our capacity for processing information\u201d, Psychology Review, Vol. 63, pp. 81-97.","DOI":"10.1037\/h0043158"},{"key":"key2022012919481293300_b18","unstructured":"Neath, I.\n (1998), Human Memory: An Introduction to Research, Data, and Theory, Brooks\/Cole, Pacific Grove, CA."},{"key":"key2022012919481293300_b19","unstructured":"Pastore, M.\n and \n Dulaney, E.\n (2006), CompTIA Security+Study Guide, 3rd ed., Wiley, Indianapolis, IN."},{"key":"key2022012919481293300_b20","unstructured":"Ranganayakulu, S.\n (2012), A System-Generated Password and Mnemonic Approach to Optimize the Security and Usability of Text-Based Passwords, UMI Dissertation Publishing, Clemson, SC, May."},{"key":"key2022012919481293300_b21","unstructured":"Rosenberger, C.\n (2012), Enhancing the Password Security with Keystroke Dynamics, Passwords\u222712, Forum for Research and Innovation in Security and Communications, Oslo."},{"key":"key2022012919481293300_b22","doi-asserted-by":"crossref","unstructured":"Sasse, M.\n and \n Brostoff, S.W.\n (2001), \u201cTransforming the \u2018weakest link\u2019: a human\/computer interaction approach to usable and effective security\u201d, BT Technology Journal, Vol. 19 No. 3, pp. 122-131.","DOI":"10.1023\/A:1011902718709"},{"key":"key2022012919481293300_b23","unstructured":"Schneier, B.\n (2004), Secrets and Lies: Digital Security in a Networked World, Wiley, New York, NY."},{"key":"key2022012919481293300_b24","doi-asserted-by":"crossref","unstructured":"Shay, R.\n , \n Komanduri, S.\n , \n Kelley, P.\n , \n Bauer, L.\n , \n Leon, P.\n , \n Christin, N.\n and \n Cranon, L.\n (2010), \u201cEncountering strong password requirements: user attitudes and behaviors\u201d, Proceedings of SOUPS'10, Redmond, WA.","DOI":"10.1145\/1837110.1837113"},{"key":"key2022012919481293300_b25","doi-asserted-by":"crossref","unstructured":"Topkara, U.\n , \n Atallah, M.\n and \n Topkara, M.\n (2007), \u201cPasswords decay, words endure: secure and re-usable multiple password mnemonics\u201d, Proceedings of the 2007 ACM Symposium on Applied Computing, ACM, Seoul, pp. 292-299.","DOI":"10.1145\/1244002.1244072"},{"key":"key2022012919481293300_b26","unstructured":"Ur, B.\n , \n Kelley, P.\n , \n Komanduri, S.\n , \n Lee, J.\n , \n Maass, M.\n , \n Mazurek, M.\n and \n Cranor, L.\n (2012), \u201cHow does your password measure up? The effect of strength meters on password creation\u201d, 21st USENIX Security Symposium, USENIX, Bellevue, WA, pp. 65-80."},{"key":"key2022012919481293300_b27","doi-asserted-by":"crossref","unstructured":"Vu, K.-P.\n , \n Proctor, R.\n , \n Bhargav-Spantzel, A.\n , \n Tai, B.-L.\n , \n Cook, J.\n and \n Schultz, E.\n (2007), \u201cImproving password security and memorability to protect personal and organizational information\u201d, International Journal of Human-Computer Studies, No. 65, pp. 744-757.","DOI":"10.1016\/j.ijhcs.2007.03.007"},{"key":"key2022012919481293300_b28","doi-asserted-by":"crossref","unstructured":"Yan, J.\n , \n Blackwell, A.\n , \n Anderson, R.\n and \n Grant, A.\n (2004), \u201cPassword memorability and security: empirical results\u201d, IEEE Security and Privacy, Vol. 2 No. 5, pp. 25-31.","DOI":"10.1109\/MSP.2004.81"}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/IMCS-12-2012-0072","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-12-2012-0072\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/IMCS-12-2012-0072\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,24]],"date-time":"2025-07-24T21:50:51Z","timestamp":1753393851000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/21\/5\/344-359\/186054"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,11,25]]},"references-count":28,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2013,11,25]]}},"alternative-id":["10.1108\/IMCS-12-2012-0072"],"URL":"https:\/\/doi.org\/10.1108\/imcs-12-2012-0072","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2013,11,25]]}}}