Memorability of persuasive passwords

Text passwords are the primary authentication method used for most online services. Many online users select weak passwords. Regrettably, most proposed methods of strengthening passwords compromise memorability. This paper explores a lightweight password creation mechanism's effect on password memorability. Our system employs Persuasive Technology to assist users in creating stronger passwords. Results show that our improvement scheme affected password memorability only for users who created secure passwords before the system applied its improvement. This result warns researchers to not alienate users who are already security-aware when trying to assist security-unaware users to behave more securely.
