Leveraging real-life facts to make random passwords more memorable

Mahdi Nasrullah Al-Ameen, Kanis Fatema, Matthew Wright, Shannon Scielzo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

5 Scopus citations


User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.

Original languageEnglish (US)
Title of host publicationComputer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
EditorsGünther Pernul, Peter Y.A. Ryan, Edgar Weippl
PublisherSpringer Verlag
Number of pages18
ISBN (Print)9783319241760
StatePublished - 2015
Event20th European Symposium on Research in Computer Security, ESORICS 2015 - Vienna, Austria
Duration: Sep 21 2015Sep 25 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other20th European Symposium on Research in Computer Security, ESORICS 2015


  • Memorability
  • System-assigned passwords
  • Usable security
  • Verbal cues

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'Leveraging real-life facts to make random passwords more memorable'. Together they form a unique fingerprint.

Cite this