SNIPPET: Genuine Knowledge-Based Authentication

Renaud, K., Kennes, D., van Niekerk, J. and Maguire, J. (2013) SNIPPET: Genuine Knowledge-Based Authentication. In: 12th Annual Conference on Information Security South Africa, Johannesburg, South Africa, 14-16 Aug 2013, pp. 1-8. (doi: 10.1109/ISSA.2013.6641059)

Full text not currently available from Enlighten.


Authentication is traditionally performed based on what you know, what you hold or what you are. The first is the most popular, in the form of the password. This is often referred to as “knowledge-based” authentication. Yet, given the guidelines for password restrictions commonly given to end-users, we will argue that this is a misnomer. A strong password is actually a lengthy string of gibberish or nonsense. Common password strength guidelines advise users against choosing meaningful passwords.

Item Type: Conference Proceedings
Glasgow Author(s) Enlighten ID: Renaud, Professor Karen and Maguire, Dr Joseph
Authors: Renaud, K., Kennes, D., van Niekerk, J., and Maguire, J.
College/School: College of Science and Engineering > School of Computing Science
Research Group: Human-centred Security Research Group
