Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to
your Research Finance Administrator. Your can find your Research Finance Administrator at http://www.ucl.ac.uk/finance/research/post_award/post_award_contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:
Email: portico-services@ucl.ac.uk
Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Email: portico-services@ucl.ac.uk
Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
“Ten strikes and you're out”: Increasing the number of login attempts can improve password usability
-
Publication Type:Conference presentation
-
Authors:Brostoff S, Sasse MA
-
Date:06/04/2003
-
Status:Published
-
Name of Conference:CHI 2003 Workshop on Human-Computer Interaction and Security Systems
-
Conference place:Fort Lauderdale, Florida
-
Conference start date:05/04/2003
-
Conference finish date:10/04/2003
-
Language:English
-
Keywords:Human-Computer Interaction, Security
-
Conference URL:
-
Full Text URL:
Abstract
Many users today are struggling to manage an increasing number of passwords. As a consequence, many organizations face an increasing demand on an expensive resource – the system administrators or help desks. This paper suggests that re-considering the “3- strikes” policy commonly applied to password login systems would be an immediate way of reducing this demand. We analyzed 10 weeks worth of system logs from a sample of 386 users, whose login attempts were not restricted in the usual manner. During that period, only 10% of login attempts failed. We predict that requests for password reminders could be reduced by up to 44% by increasing the number of strikes from 3 to ten.
› More search options
UCL Researchers
