Jali M.Z.; Ismail S.; Abdullah Z.H.
2024-05-29; 2024-05-29; 2014
19928645
2-s2.0-84906861687
https://www.scopus.com/inward/record.uri?eid=2-s2.0-84906861687&partnerID=40&md5=a42229e8b2d0d019954018ec9ba12799
https://oarep.usim.edu.my/handle/123456789/9560

User authentication can be defined as the process of proving the user's identity. Three typical categories of user authentication are based on users' knowledge (i.e. PIN and passwords), users' possession (i.e. smart card and token) and users' characteristics (i.e. iris and typing pattern). This paper presents an extensive review related to password-based authentication and then reports the latest experimental study conducted to evaluate the password practices among students within the authors' institution. Participants within the study were given a scenario where their accounts were hacked and were then asked to create new passwords according to three conditions, namely C1 (i.e. having at least one upper, lower, number and special character), C2 (i.e. contains at least three words) and C3 (i.e. combination of C1 and C2 respectively). After a week, they were again invited to participate by writing down their passwords to investigate memorability. Overall, the study managed to recruit 380 students, having a total of 1140 passwords. From the analysis covering password memorability, password creation and password perception, it could be reported that the three tested conditions have both positive and negative outcomes; thus the authors suggest that 'a second look' should be considered if these conditions are to be implemented in a real setting.

© 2005 - 2014 JATIT & LLS. All rights reserved.
en-US
Knowledge-based authentication; Memorability; Password; User authentication; Vulnerabilities
An assessment on the password practices among students
Article
840 848 66 3