Skip to the content

Menu

Problem

Passwords are used to protect all sorts of data and are a critical part of daily life, but password creation requirements can vary widely. The National Institute of Standards and Technology (NIST) identified that usability and human factors elements are key elements of cyber security, and the agency wanted to investigate the password generation process to develop a better understanding of the impact of password creation requirements on usability. NIST contracted FMG to help understand and quantify the cognitive processes and strategies used during password generation, with the aim of finding an optimal password length, complexity, and phrasing that balances both security and usability requirements.

Process

FMG facilitated the development of cross-platform data collection programs and the collection of usability data with mobile device users. Our researchers worked with NIST staff to create the test protocol and conducted in-lab tests, during which participants were asked to memorize and enter passwords of various lengths and compositions. Observational data, participant self-reports, and success metrics were collected to investigate the implications of different password characteristics and performance and the difficulty of use.

Impact

These empirical data on memory, character, string, and password usage informed usability considerations for password policy in support of NIST’s ultimate work to inform and influence usability standards of password policy in government and industry.

Partner With FMG

Kinsey Gimbel

Director, Customer Experience

Get in Touch

Request a meeting. Ask a question. Send an RFP. Inquire about careers. The right person here will reply to your inquiry.

Impact

Submit your email. Receive FMG’s Impact, our monthly publication.

Please enter a valid Email address