{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,23]],"date-time":"2026-02-23T16:20:30Z","timestamp":1771863630649,"version":"3.50.1"},"reference-count":27,"publisher":"SAGE Publications","issue":"5","license":[{"start":{"date-parts":[[2018,5,2]],"date-time":"2018-05-02T00:00:00Z","timestamp":1525219200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Hum Factors"],"published-print":{"date-parts":[[2018,8]]},"abstract":"<jats:sec><jats:title>Objective:<\/jats:title><jats:p> We developed a new authentication system based on passphrases instead of passwords. Our new system incorporates a user-generated mnemonic picture displayed during login, definition tooltips, error correction to reduce typographical errors, a decoy-based input masking technique, and random passphrase generation using either a specialized wordlist or a sentence template. <\/jats:p><\/jats:sec><jats:sec><jats:title>Background:<\/jats:title><jats:p> Passphrases exhibit a greater level of security than traditional passwords, but their wider adoption has been hindered by human factors issues. Our assertion is that the added features of our system work particularly well with passphrases and help address these shortcomings. <\/jats:p><\/jats:sec><jats:sec><jats:title>Method:<\/jats:title><jats:p> We conducted a study to evaluate our new system with a customized 1,450-word list and our new system with a 6-word sentence structure against the control conditions of a user-created passphrase of at least 24 characters and a system-generated passphrase using a 10,326-word list. Fifty participants completed two sessions so that we could measure the usability and security of the authentication schemes. <\/jats:p><\/jats:sec><jats:sec><jats:title>Results:<\/jats:title><jats:p> With the new system conditions, memorability was improved, and security was equivalent to or better than the control conditions. Usability and overall ratings also favored the new system conditions over the control conditions. <\/jats:p><\/jats:sec><jats:sec><jats:title>Conclusion:<\/jats:title><jats:p> Our research presents a new authentication system using innovative techniques that improve on the usability and security of existing password and passphrase authentication systems. <\/jats:p><\/jats:sec><jats:sec><jats:title>Application:<\/jats:title><jats:p> In computer security, drastic changes should never happen overnight, but we recommend that our contributions be incorporated into current authentication systems to help facilitate a transition from passwords to usable passphrases. <\/jats:p><\/jats:sec>","DOI":"10.1177\/0018720818767683","type":"journal-article","created":{"date-parts":[[2018,5,2]],"date-time":"2018-05-02T19:18:29Z","timestamp":1525288709000},"page":"658-668","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":10,"title":["Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication"],"prefix":"10.1177","volume":"60","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8557-8092","authenticated-orcid":false,"given":"Kevin","family":"Juang","sequence":"first","affiliation":[{"name":"SunTrust Bank, Atlanta, Georgia"}]},{"given":"Joel","family":"Greenstein","sequence":"additional","affiliation":[{"name":"Clemson University, South Carolina"}]}],"member":"179","published-online":{"date-parts":[[2018,5,2]]},"reference":[{"key":"bibr1-0018720818767683","doi-asserted-by":"publisher","DOI":"10.3758\/BF03193441"},{"key":"bibr2-0018720818767683","unstructured":"Biancuzzi F. (2006, February 22). John the Ripper 1.7, by Solar Designer. Retrieved from http:\/\/www.securityfocus.com\/columnists\/388\/2"},{"key":"bibr3-0018720818767683","first-page":"189","volume-title":"Usability evaluation in industry","author":"Brooke J","year":"1996"},{"key":"bibr4-0018720818767683","doi-asserted-by":"publisher","DOI":"10.6028\/NIST.SP.800-63v1.0.2"},{"key":"bibr5-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1037\/0096-3445.104.3.268"},{"key":"bibr6-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1177\/1541931213571091"},{"key":"bibr7-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1016\/S0166-4115(08)62386-9"},{"key":"bibr8-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.150"},{"key":"bibr9-0018720818767683","unstructured":"Hruska T. (2011, November 3). How to calculate password strength. Retrieved from http:\/\/cubicspot.blogspot.com\/2011\/11\/how-to-calculate-password-strength.html"},{"key":"bibr10-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1177\/1071181311551234"},{"key":"bibr11-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1177\/1071181312561105"},{"key":"bibr12-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1016\/j.ijhcs.2006.08.005"},{"key":"bibr13-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.38"},{"key":"bibr14-0018720818767683","unstructured":"Kelly C. (2010). VOA Special English word book. Retrieved from http:\/\/www.manythings.org\/voa\/words.htm"},{"key":"bibr15-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1145\/1978942.1979321"},{"key":"bibr16-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1145\/1143120.1143129"},{"key":"bibr17-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1109\/EIT.2007.4374533"},{"key":"bibr18-0018720818767683","first-page":"1","volume-title":"Proceedings of BSDCan 2009","author":"Percival C","year":"2009"},{"key":"bibr19-0018720818767683","doi-asserted-by":"publisher","DOI":"10.3758\/BF03195438"},{"key":"bibr20-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1145\/2435349.2435395"},{"key":"bibr21-0018720818767683","unstructured":"Reinhold A. (2012). The Diceware passphrase home page. Retrieved from http:\/\/world.std.com\/~reinhold\/diceware.html"},{"key":"bibr22-0018720818767683","first-page":"103","volume-title":"Security and usability","author":"Renaud K","year":"2005"},{"key":"bibr23-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1145\/2335356.2335366"},{"key":"bibr24-0018720818767683","unstructured":"Shiner J. (2013). On hashcat and strong master passwords as your best protection. Retrieved from http:\/\/blog.agilebits.com\/2013\/04\/16\/1password-hashcat-strong-master-passwords\/"},{"key":"bibr25-0018720818767683","unstructured":"Whitten A., Tygar J. D. (1999). Why Johnny can\u2019t encrypt: A usability evaluation of PGP 5.0. Proceedings of the 8th USENIX Security Symposium (pp. 169\u2013184). Retrieved from https:\/\/www.usenix.org\/conference\/8th-usenix-security-symposium\/why-johnny-cant-encrypt-usability-evaluation-pgp-50"},{"key":"bibr26-0018720818767683","first-page":"354","volume-title":"Proceedings of the Section on Survey Research Methods","author":"Winkler W. E","year":"1990"},{"key":"bibr27-0018720818767683","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2004.81"}],"container-title":["Human Factors: The Journal of the Human Factors and Ergonomics Society"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0018720818767683","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/0018720818767683","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0018720818767683","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,1]],"date-time":"2025-03-01T10:50:21Z","timestamp":1740826221000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/0018720818767683"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,2]]},"references-count":27,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2018,8]]}},"alternative-id":["10.1177\/0018720818767683"],"URL":"https:\/\/doi.org\/10.1177\/0018720818767683","relation":{},"ISSN":["0018-7208","1547-8181"],"issn-type":[{"value":"0018-7208","type":"print"},{"value":"1547-8181","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,5,2]]}}}