Chapter 7, "The Memorability and Security of Passwords" in O'Reilly's
Security and Usability: Designing Secure Systems that People Can Use
(http://www.amazon.com/gp/product/0596008279/sr=8-1/qid=1143475157/ref=pd_bbs_1/103-1120557-9567045?%5Fencoding=UTF8)
might be of interest to you.

The overarching theme of the book is that theoretically secure systems
with usability problems end up being neither secure (because users
subvert them) nor usable.  Some findings from Chap 7 include the fact
that a significant number of users did not comply with instructions
for password generation: "Theoretical analysis does not guarantee the
security of systems.  It is often necessary to study systems as they
are used in practice," and "Rigorous experimental testing of interface
usability is one of the necessary ingredients for robust secure
systems."

The authors suggest mnemonic-based passwords (generated from
passphrases) as one alternative that was both usable and nearly as
resistant to brute-force crackers as completely random passwords.

Chapter 6 also provides some interesting criteria for evaluating
authentication mechanisms.

Cheers,
Alen

(disclaimer: although I contributed to one of the chapters in the
book, I don't get a dime from sales.  I think it is full of great
insight, though, as do the customer reviews at Amazon)
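As an added illustration of the mnemonic-passphrase idea mentioned above (this is example code written for this page, not code from the book, its authors or the list): the script below derives a password from a passphrase using a generic first-letter-of-each-word scheme, estimates how large a search space a brute-force cracker would face for the result, and runs one defender-side check that a practitioner would want, namely whether the derived password comes from a phrase in a list of well-known phrases. The derivation rule, the keyspace model and the phrase list are all my own assumptions for the example; the book's chapter may use different conventions.

```python
import math
import string

# Constructed list of well-known phrases. A real deployment would use a much
# larger corpus (song lyrics, proverbs, quotations); this is only for illustration.
KNOWN_PHRASES = [
    "to be or not to be, that is the question",
    "the quick brown fox jumps over the lazy dog",
    "four score and seven years ago",
]


def mnemonic_password(phrase: str) -> str:
    """Derive a password from a passphrase.

    Assumed rule (not the book's): take the first character of each word,
    keep any punctuation attached to the end of a word, and keep tokens that
    consist only of digits or punctuation whole.
    """
    out = []
    for token in phrase.split():
        if all(c in string.digits + string.punctuation for c in token):
            out.append(token)  # e.g. "3" or "!?" is kept verbatim
            continue
        trailing = ""
        while token and token[-1] in string.punctuation:
            trailing = token[-1] + trailing
            token = token[:-1]
        out.append(token[0] + trailing)  # first letter plus trailing punctuation
    return "".join(out)


def keyspace_bits(password: str) -> float:
    """Estimate the search space a brute-force attack would face, in bits.

    Assumes the attacker knows only which character classes are present and
    the length, and must try every string over that alphabet. This is the
    usual optimistic model; it overstates strength for guessable inputs.
    """
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),
    ]
    alphabet = sum(size for chars, size in classes if any(c in chars for c in password))
    if alphabet == 0 or not password:
        return 0.0
    return len(password) * math.log2(alphabet)


def derived_from_known_phrase(password: str, phrases=KNOWN_PHRASES) -> bool:
    """Defender-side check: does the password equal the mnemonic of a known phrase?

    A cracker with the same phrase list gets these candidates for free, so the
    keyspace estimate above does not apply to them.
    """
    return any(mnemonic_password(p) == password for p in phrases)


def assess(phrase: str) -> dict:
    """Combine the three pieces into one report for a candidate passphrase."""
    pw = mnemonic_password(phrase)
    return {
        "password": pw,
        "keyspace_bits": round(keyspace_bits(pw), 1),
        "from_known_phrase": derived_from_known_phrase(pw),
    }


if __name__ == "__main__":
    # Constructed sample inputs: one personal phrase, one famous quotation.
    for phrase in ["My dog has 3 legs, and he runs fast!",
                   "to be or not to be, that is the question"]:
        print(phrase, "->", assess(phrase))
```

The interesting comparison is between the two sample phrases: both yield passwords of similar length and character mix, so `keyspace_bits` rates them alike, yet the second one fails the known-phrase check and would fall to a dictionary of quotations rather than to exhaustive search. That is the gap between the theoretical keyspace and the password's strength in practice that the posted excerpt points at.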
_______________________________________________
p2p-hackers mailing list
p2p-hackers@zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences