Ben F. Barton: User-friendly password methods for computer-mediated information systems
Title
Source
Computer & Security
Pages
186-195
Year
1984
Volume
3
Number
3
ISBN
Authors
Abstract
Violations of published strictures on password use have led to widespread unauthorized access to computer systems. The problem may compound as inexpert users, handicapped by inadequate guidance and ignorance of computers, are increasingly involved on networked, supposedly "user-friendly" workstations. The literature on password methods reflects a technocentric focus emphasizing security without due regard for user comfort, i.e., a "user-hostile", system perspective. We present a "user-friendly" model for the password selection and re-creation processes rooted in cognitive psychology. The model suggests two approaches to password selection -- one rooted in a nomothetic, or particularized, the other in an idiographic, or generalized, treatment of experience -- that exploit principles of recall, memory aids and simple formal transformations. A third approach, exploiting environmental cues -- hence recognition rather than recall -- is also considered. Intermediate approaches enable tradeoffs between password security and memorability appropriate to the context and cognitive style of the user. The reduction of the approaches to practice is illustrated in numerous examples. The approaches yield passwords more vulnerable to discovery than those envisioned in system-oriented theory, yet operationally superior to many prompted by strictures reflecting a technocentric system perspective. We recommend that guidance materials on password use be made available on systems.
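Comments
増井俊之
This is a password paper from 1984 (more than 30 years ago!), yet I get the feeling that nothing has changed from what is being said today. Since this was 10 years before the Web became popular, there may have been hardly anyone using passwords in the first place.
At most I used them to log in to Unix machines, and I wasn't using anything serious.
To begin with, was there really a journal called Computer & Security as early as around 1980?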
Resources
References
DOI