Leveraging real-life facts to make random passwords more memorable

Mahdi Nasrullah Al-Ameen; Kanis Fatema; Matthew Wright; Shannon Scielzo

doi:10.1007/978-3-319-24177-7_22

Leveraging real-life facts to make random passwords more memorable

Mahdi Nasrullah Al-Ameen, Kanis Fatema, Matthew Wright, Shannon Scielzo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.

Original language	English (US)
Title of host publication	Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
Editors	Günther Pernul, Peter Y.A. Ryan, Edgar Weippl
Publisher	Springer Verlag
Pages	438-455
Number of pages	18
ISBN (Print)	9783319241760
DOIs	https://doi.org/10.1007/978-3-319-24177-7_22
State	Published - 2015
Event	20th European Symposium on Research in Computer Security, ESORICS 2015 - Vienna, Austria Duration: Sep 21 2015 → Sep 25 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9327
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	20th European Symposium on Research in Computer Security, ESORICS 2015
Country/Territory	Austria
City	Vienna
Period	9/21/15 → 9/25/15

Keywords

Memorability
System-assigned passwords
Usable security
Verbal cues

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-24177-7_22

Cite this

Al-Ameen, M. N., Fatema, K., Wright, M., & Scielzo, S. (2015). Leveraging real-life facts to make random passwords more memorable. In G. Pernul, P. Y. A. Ryan, & E. Weippl (Eds.), Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings (pp. 438-455). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9327). Springer Verlag. https://doi.org/10.1007/978-3-319-24177-7_22

Leveraging real-life facts to make random passwords more memorable. / Al-Ameen, Mahdi Nasrullah; Fatema, Kanis; Wright, Matthew et al.
Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. ed. / Günther Pernul; Peter Y.A. Ryan; Edgar Weippl. Springer Verlag, 2015. p. 438-455 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9327).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Al-Ameen, MN, Fatema, K, Wright, M & Scielzo, S 2015, Leveraging real-life facts to make random passwords more memorable. in G Pernul, PYA Ryan & E Weippl (eds), Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9327, Springer Verlag, pp. 438-455, 20th European Symposium on Research in Computer Security, ESORICS 2015, Vienna, Austria, 9/21/15. https://doi.org/10.1007/978-3-319-24177-7_22

Al-Ameen MN, Fatema K, Wright M, Scielzo S. Leveraging real-life facts to make random passwords more memorable. In Pernul G, Ryan PYA, Weippl E, editors, Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. Springer Verlag. 2015. p. 438-455. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-24177-7_22

Al-Ameen, Mahdi Nasrullah ; Fatema, Kanis ; Wright, Matthew et al. / Leveraging real-life facts to make random passwords more memorable. Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings. editor / Günther Pernul ; Peter Y.A. Ryan ; Edgar Weippl. Springer Verlag, 2015. pp. 438-455 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{01af8995ad8446ce83e01ca33d2cbdbd,

title = "Leveraging real-life facts to make random passwords more memorable",

abstract = "User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.",

keywords = "Memorability, System-assigned passwords, Usable security, Verbal cues",

author = "Al-Ameen, {Mahdi Nasrullah} and Kanis Fatema and Matthew Wright and Shannon Scielzo",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; 20th European Symposium on Research in Computer Security, ESORICS 2015 ; Conference date: 21-09-2015 Through 25-09-2015",

year = "2015",

doi = "10.1007/978-3-319-24177-7_22",

language = "English (US)",

isbn = "9783319241760",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "438--455",

editor = "G{\"u}nther Pernul and Ryan, {Peter Y.A.} and Edgar Weippl",

booktitle = "Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings",

}

TY - GEN

T1 - Leveraging real-life facts to make random passwords more memorable

AU - Al-Ameen, Mahdi Nasrullah

AU - Fatema, Kanis

AU - Wright, Matthew

AU - Scielzo, Shannon

N1 - Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.

AB - User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.

KW - Memorability

KW - System-assigned passwords

KW - Usable security

KW - Verbal cues

UR - http://www.scopus.com/inward/record.url?scp=84951738324&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84951738324&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-24177-7_22

DO - 10.1007/978-3-319-24177-7_22

M3 - Conference contribution

AN - SCOPUS:84951738324

SN - 9783319241760

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 438

EP - 455

BT - Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings

A2 - Pernul, Günther

A2 - Ryan, Peter Y.A.

A2 - Weippl, Edgar

PB - Springer Verlag

T2 - 20th European Symposium on Research in Computer Security, ESORICS 2015

Y2 - 21 September 2015 through 25 September 2015

ER -

Leveraging real-life facts to make random passwords more memorable

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this