A multi-word password proposal (gridWord) and exploring questions about science in security research and usable security evaluation

Our agenda is two-fold. First, we introduce and give a technical description of gridWord, a novel knowledge-based authentication mechanism involving elements of both text and graphical passwords. It is intended to address a new research challenge arising from the evolution of Internet access devices, and which may arguably be viewed as motivating a new paradigm: remote access password schemes which accommodate users who alternately login from devices with, and without, full physical keyboards (e.g., users alternating between desktops with easy text input, and mobile devices with tiny or touch-screen virtual keyboards). While the core ideas behind gridWord are well-formed, and may be viewed as a new variation of old (text-based) ideas of building passwords from multiple words, many aspects including recommended parameterization and configuration details, preferred platforms, and primary targets …