U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Human Generated Passwords - the Impacts of Password Requirements and Presentation Styles

Published

Author(s)

Paul Y. Lee, Yee-Yin Choong

Abstract

The generation stage of the user password management lifecycle is arguably the most important yet perilous step. Fulfilling minimum length and character type requirements while attempting to create something memorable can become an arduous task, leaving the users frustrated and confused. Our study focuses on two areas - password requirements and formatting, and examines the differences in user performance to understand the human password generation space. The results show a clear drop in performance when users generate passwords following a complex rule set as opposed to a simple rule set, with fewer passwords, more errors, and longer times for rule comprehension and password generation. Formatted rule presentation shows promising results that may facilitate user password generation. Findings from this study will contribute to a better understanding of the user password generation stage and shed light on future development of password policies balancing security and usability.
Proceedings Title
Proceedings of the 17th International Conference on Human-Computer Interaction (HCII2015)
Conference Dates
August 2-7, 2015
Conference Location
Los Angeles, CA, US
Pub Type
Conferences

Download Paper

Local Download

Keywords

password generation, cyber security, password policy, usability
Information technology and Cybersecurity and privacy

Citation

Lee, P. and Choong, Y. (2015), Human Generated Passwords - the Impacts of Password Requirements and Presentation Styles, Proceedings of the 17th International Conference on Human-Computer Interaction (HCII2015), Los Angeles, CA, US, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=917941 (Accessed May 17, 2026)
Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created August 2, 2015, Updated May 7, 2026
Was this page helpful?