What do you think?
Rate this book
Measuring the Usability and Security of Permuted Passwords on Mobile Platforms: NiSTIR 8040
NISTIR 8040 April 2016
Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics to passwords for which we already had usability data, in an effort to have a more meaningful comparison between usability and security. This document reports a method of optimizing the input of randomly generated passwords on mobile devices via password permutation to allow for a comparison of password usability data. We found that the number of keystrokes saved—the efficiency gained—via permutation depends on the number of onscreen keyboard changes required in the original password rather than on password length. Additionally, we created and are releasing Python scripts (publicly available from for the experiments on entropy loss we conducted across passwords ranging in length from 5 to 20 characters.
Why buy a book you can download for free?
First you gotta find it and make sure it’s the latest version (not always easy). Then you gotta print it using a network printer you share with 100 other people – and its outta paper – and the toner is low (take out the toner cartridge, shake it, then put it back). If it’s just 10 pages, no problem, but if it’s a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that’s paid $75 an hour has to do this himself (who has assistant’s anymore?).
If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money.
It’s much more cost-effective to just order the latest version from Amazon.com
This book is published by 4th Watch Books and includes copyright material. We publish compact, tightly-bound, full-size books (8 ½ by 11 inches), with glossy covers. 4th Watch Books is a Service Disabled Veteran-Owned Small Business (SDVOSB), and is not affiliated with the National Institute of Standards and Technology.
For more titles published by 4th Watch Books, please cybah.webplus.net
A full copy of all the pertinent cybersecurity standards is available on DVD-ROM in the CyberSecurity Standards Library disc which is available at Amazon.com.
NIST SP 500-299 NIST Cloud Computing Security Reference Architecture
NIST SP 500-291 NIST Cloud Computing Standards Roadmap Version 2
NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 1 & 2
NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 3 DRAFT
NIST SP 1800-8 Securing Wireless Infusion Pumps
Password entry on mobile devices significantly impacts both usability and security, but there is a lack of usable security research in this area, specifically for complex password entry. To address this research gap, we set out to assign strength metrics to passwords for which we already had usability data, in an effort to have a more meaningful comparison between usability and security. This document reports a method of optimizing the input of randomly generated passwords on mobile devices via password permutation to allow for a comparison of password usability data. We found that the number of keystrokes saved—the efficiency gained—via permutation depends on the number of onscreen keyboard changes required in the original password rather than on password length. Additionally, we created and are releasing Python scripts (publicly available from for the experiments on entropy loss we conducted across passwords ranging in length from 5 to 20 characters.
Why buy a book you can download for free?
First you gotta find it and make sure it’s the latest version (not always easy). Then you gotta print it using a network printer you share with 100 other people – and its outta paper – and the toner is low (take out the toner cartridge, shake it, then put it back). If it’s just 10 pages, no problem, but if it’s a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that’s paid $75 an hour has to do this himself (who has assistant’s anymore?).
If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money.
It’s much more cost-effective to just order the latest version from Amazon.com
This book is published by 4th Watch Books and includes copyright material. We publish compact, tightly-bound, full-size books (8 ½ by 11 inches), with glossy covers. 4th Watch Books is a Service Disabled Veteran-Owned Small Business (SDVOSB), and is not affiliated with the National Institute of Standards and Technology.
For more titles published by 4th Watch Books, please cybah.webplus.net
A full copy of all the pertinent cybersecurity standards is available on DVD-ROM in the CyberSecurity Standards Library disc which is available at Amazon.com.
NIST SP 500-299 NIST Cloud Computing Security Reference Architecture
NIST SP 500-291 NIST Cloud Computing Standards Roadmap Version 2
NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 1 & 2
NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 3 DRAFT
NIST SP 1800-8 Securing Wireless Infusion Pumps
68 pages, Paperback
Published April 29, 2016
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
No one has reviewed this book yet.