DOI: 10.1145/1358628.1358926 (CHI Conference Proceedings)
research-article

Memorability of persuasive passwords

ABSTRACT

Text passwords are the primary authentication method used for most online services. Many online users select weak passwords. Regrettably, most proposed methods of strengthening passwords compromise memorability. This paper explores a lightweight password creation mechanism's effect on password memorability. Our system employs Persuasive Technology to assist users in creating stronger passwords. Results show that our improvement scheme affected password memorability only for users who created secure passwords before the system applied its improvement. This result warns researchers to not alienate users who are already security-aware when trying to assist security-unaware users to behave more securely.
