PASSWORD CREATION STRATEGIES: THE EFFECTIVENESS OF PASSPHRASES VS. COMPLEX PASSWORDS (EXPERIMENT)

Authors

  • Boboqulova Aziza Adizovna, preschool educator at State Preschool Educational Institution No. 11, Mohi-Xossa Mahalla, Bukhara City, Uzbekistan

Keywords:

Passphrase, complex password, memorability

Abstract

This study compares the security and usability of two password creation strategies—random word–based passphrases and user‐constructed complex passwords—using an experimental design with classroom participants. Grounded in guidance from modern authentication standards and prior human–computer interaction research, we examine memorability, creation and recall times, one-week retention, and estimated resistance to offline guessing. Participants memorized either a five-word diceware-style passphrase or a complex string that met typical composition rules. Immediate and delayed recall, error rates, and response latencies were recorded; theoretical entropy and simulated cracking success were estimated from policy-conformant models. Passphrases produced higher one-week recall, faster correct recall, and comparable or superior effective strength because user-created complex strings tended to embed predictable patterns that reduced entropy. The findings support length-first, composition-light policies with bans on common phrases, combined with two-factor authentication and password manager use.
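The entropy comparison the abstract describes can be sketched as follows. This is an added illustration, not code or data from the study. It assumes a standard 7776-word diceware list, a hypothetical 20,000-word attacker dictionary, and a simple "word + digits + symbols" guessing model; the sample passwords are constructed.

```python
import math
import re
import string

DICEWARE_WORDS = 7776   # standard diceware list size (five dice rolls: 6**5)
ATTACKER_DICT = 20_000  # assumption: base-word list size in the guessing model
SYMBOLS = string.punctuation  # the 32 ASCII symbols

def passphrase_bits(n_words, list_size=DICEWARE_WORDS):
    """Entropy of n_words drawn uniformly at random from the list."""
    return n_words * math.log2(list_size)

def nominal_bits(password):
    """Naive estimate: each character uniform over the classes present."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += len(SYMBOLS) if any(c in SYMBOLS for c in password) else 0
    return len(password) * math.log2(pool) if pool else 0.0

def pattern_bits(password):
    """Estimate under the assumed 'word + digits + symbols' guessing model."""
    m = re.fullmatch(r"([A-Za-z]+)(\d*)([^A-Za-z0-9\s]*)", password)
    if not m:
        return nominal_bits(password)  # no recognised pattern: keep naive value
    word, digits, symbols = m.groups()
    bits = math.log2(ATTACKER_DICT)    # which base word was chosen
    if word in (word.lower(), word.capitalize()):
        bits += 1                      # all lower-case or first letter capital
    else:
        bits += len(word)              # arbitrary per-letter case mask
    bits += len(digits) * math.log2(10)
    bits += len(symbols) * math.log2(len(SYMBOLS))
    return bits

def compare(password, n_words=5):
    """Bits for an n-word passphrase vs. both estimates for the password."""
    return {"passphrase": passphrase_bits(n_words),
            "nominal": nominal_bits(password),
            "pattern": pattern_bits(password)}

if __name__ == "__main__":
    for pw in ("Summer21!", "x7#Qp2!vL"):  # constructed sample passwords
        print(pw, {k: round(v, 1) for k, v in compare(pw).items()})
```

Both samples satisfy the same composition rules and receive the same nominal estimate, but the first one collapses under the pattern model while the five-word passphrase keeps its full strength.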



Published

2025-07-30

How to Cite

Boboqulova Aziza Adizovna. (2025). PASSWORD CREATION STRATEGIES: THE EFFECTIVENESS OF PASSPHRASES VS. COMPLEX PASSWORDS (EXPERIMENT). International Scientific and Current Research Conferences, 1(01), 119–121. Retrieved from https://www.orientalpublication.com/index.php/iscrc/article/view/1935