ABSTRACT
Text passwords are the primary authentication method used for most online services. Many online users select weak passwords. Regrettably, most proposed methods of strengthening passwords compromise memorability. This paper explores a lightweight password creation mechanism's effect on password memorability. Our system employs Persuasive Technology to assist users in creating stronger passwords. Results show that our improvement scheme affected password memorability only for users who created secure passwords before the system applied its improvement. This result warns researchers to not alienate users who are already security-aware when trying to assist security-unaware users to behave more securely.
Index Terms
Memorability of persuasive passwords






