
Is there some scientific way to prove that say entering a masked 12 character password accurately is XXX times harder than entering an 8 character password?

And that with symbol, punctuation, numbers etc requirements for keyboard entry.

hendry

Comments:

  • While Jakob Nielsen has his clear opinion on password masking, his article does not cite research. /: He argues with basic usability heuristics (Visibility of system status) – Andy Feb 14 '23 at 12:30
  • For questions like these, I’m always convinced that some research was done—but where do we find it? The whole research papers world seems so inaccessible to me. Whenever I’ll have the chance, I’ll conduct such research and publish it on a blog. You never know who can profit (: – Andy Feb 14 '23 at 13:36
  • If speed and accuracy are the metrics, then the nearest thing to a scientific way of comparing the methods would be GOMS model test. https://en.wikipedia.org/wiki/GOMS – TommyPeanuts Oct 17 '23 at 21:17

1 Answer

You can certainly try to run research to prove this, but the mathematics will have already been done when working out the level of security of passwords, so you'll just have to go find the reference for it (or maybe post on Information Security StackExchange).

But the basic premise is that if the probability of entering the correct character at a specific position is x%, and you are required to get every position correct, then chances are the more characters you need to get correct, the lower the probability will be. You can't work out the exact probability because different password requirements allow different characters and/or symbols, not to mention case sensitivity. So the figures can vary by a bit, but the general principle holds.

However, I would suggest that the research needed is to understand what support is required for the users when it comes to password generation and validation (perhaps at least consider a feature to unmask the characters entered).

Michael Lai
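The answer's reasoning (per-character accuracy x%, every position must be right, so longer passwords succeed less often) can be worked through in code. The following is an added example, not part of the original question or answer: it assumes each keystroke is an independent trial, so the chance of entering an n-character password correctly is the product of the per-character probabilities, and it goes slightly beyond the answer by letting the accuracy differ by character class (to reflect the symbol, digit and case requirements the question mentions) and by checking the closed-form result with a small Monte Carlo run. The accuracy figures in `ACCURACY_BY_CLASS` and the sample passwords are constructed illustrative values, not measurements.

```python
"""Added example (not from the original post): model how the chance of
typing a masked password correctly falls with its length.

Assumption, following the answer's reasoning: each keystroke is independent
and correct with some probability, so an n-character password is entered
correctly with probability equal to the product of the per-character
probabilities. The per-class accuracies below are constructed illustrative
values, not measured data.
"""
import random
from math import prod

# Constructed assumptions: keys that need a modifier or are less familiar are
# treated as slightly more error-prone than plain lowercase letters.
ACCURACY_BY_CLASS = {
    "lower": 0.995,
    "upper": 0.99,   # shift key adds a step
    "digit": 0.99,
    "symbol": 0.98,  # shifted, less familiar keys
}


def char_class(c: str) -> str:
    """Map one character to the accuracy class used in ACCURACY_BY_CLASS."""
    if c.islower():
        return "lower"
    if c.isupper():
        return "upper"
    if c.isdigit():
        return "digit"
    return "symbol"


def p_correct_uniform(length: int, p: float) -> float:
    """Probability of typing `length` characters correctly when every
    keystroke succeeds independently with the same probability p."""
    return p ** length


def p_correct(password: str, accuracy=ACCURACY_BY_CLASS) -> float:
    """Probability of typing `password` correctly, with a per-character
    accuracy that depends on the character's class."""
    return prod(accuracy[char_class(c)] for c in password)


def expected_attempts(p: float) -> float:
    """With masking, an error is only discovered on submission, so the number
    of attempts until success is geometric with mean 1/p."""
    return 1.0 / p


def relative_difficulty(pw_a: str, pw_b: str, accuracy=ACCURACY_BY_CLASS) -> float:
    """How many times more submissions pw_b needs, on average, than pw_a."""
    return expected_attempts(p_correct(pw_b, accuracy)) / expected_attempts(
        p_correct(pw_a, accuracy)
    )


def simulate(password: str, trials: int, seed: int = 0,
             accuracy=ACCURACY_BY_CLASS) -> float:
    """Monte Carlo check of p_correct: each keystroke fails independently
    with probability 1 - accuracy; returns the observed success fraction."""
    rng = random.Random(seed)
    ok = 0
    for _ in range(trials):
        if all(rng.random() < accuracy[char_class(c)] for c in password):
            ok += 1
    return ok / trials


if __name__ == "__main__":
    for n in (8, 12, 16):
        print(f"{n} chars at 99% per key: P(correct) = {p_correct_uniform(n, 0.99):.3f}")
    # Constructed sample passwords, not real credentials.
    short, longer = "Xk7#pLq2", "Xk7#pLq2mN4!"
    print(f"{longer!r} needs {relative_difficulty(short, longer):.2f}x "
          f"the submissions of {short!r}")
    print(f"simulated P(correct) for {longer!r}: {simulate(longer, 20000):.3f} "
          f"vs analytic {p_correct(longer):.3f}")
```

`expected_attempts` encodes the masking assumption the answer's closing suggestion is about: with masked input the user only learns of a typo after submitting, so the cost of a mistake is a full retry, whereas an unmask control lets the error be fixed in place. Changing the per-class accuracies shows why the answer says the exact figure depends on the password policy: the same length gives a different success rate once symbols or mixed case are required.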