Users mnemonic passwords: An empirical analysis

Currently the „user name and password‟ model is used extensively in offline computing systems and online correspondence. However this is a weak method of authentication because users tend to generate textual passwords that are easy to remember, easy to crack and recycled across multiple accounts. To counteract user errors associated with password authentication, many projects focus on developing authentication models that make use of mnemonic passwords without carefully considering the implications. This paper presents an empirical investigation into users regular (RPs) and mnemonic passwords (MPs) and expressions and justifies the effectiveness of MPs over RPs using a generated MPs dictionary and a password algorithm. From the study a total of 121 users MPs were found in the MPs dictionary relating to respondents names, personal information, religious and family background, life‟s philosophy and goals, representing 11.49% of total dictionary size. This reveals the vulnerability of utilizing expressions as MPs generator. Users MPs length and character complexity were better than that of RPs which denotes the fact that the use of MPs will enable users create stronger passwords against attacks. It is therefore recommended that two-factor or multifactor authentication models should be adopted in environments were MPs are employed.Keywords: Authentication, Security, Dictionary, Mnemonic Expressions, Password Crackin