Samuel Waters


Among system administrators, users are generally considered the weakest link in the security chain. One of the biggest concerns is how users create and remember passwords. To try to ensure the security of their systems, administrators will generally create policies regarding how complex a user's password must be, and will exhort the user never to write down, share, or reuse that password. On the surface, this seems like good security sense, and from an administrator's perspective, it is. However, to the user, who may have dozens of unique accounts, stringent policies create a significant cognitive burden. As such, users generally resort to ad hoc solutions to remember passwords, such as making them as simple as possible, writing them down, or reusing them. Administrators react by changing policies to make passwords even longer and more complex, and a vicious circle is created. An alternative is to make use of Identity Federation (IF) systems. These systems allow end users to authenticate using a single password, thereby reducing the overall cognitive burden. This work will discuss the different technologies currently in use, and examine whether these systems can provide adequate security while improving overall usability.

Library of Congress Subject Headings

Computers--Access control--Passwords; Computer networks--Security measures

Publication Date


Document Type



Border, Charles

Advisor/Committee Member

Borrelli, Thomas

Advisor/Committee Member

Weisman, Harris


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013. Physical copy available through RIT's The Wallace Library at: QA76.9.A25 W38 2012


RIT – Main Campus