TY - GEN
T1 - Leveraging real-life facts to make random passwords more memorable
AU - Al-Ameen, Mahdi Nasrullah
AU - Fatema, Kanis
AU - Wright, Matthew
AU - Scielzo, Shannon
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.
AB - User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.
KW - Memorability
KW - System-assigned passwords
KW - Usable security
KW - Verbal cues
UR - http://www.scopus.com/inward/record.url?scp=84951738324&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84951738324&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-24177-7_22
DO - 10.1007/978-3-319-24177-7_22
M3 - Conference contribution
AN - SCOPUS:84951738324
SN - 9783319241760
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 438
EP - 455
BT - Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
A2 - Pernul, Günther
A2 - Ryan, Peter Y.A.
A2 - Weippl, Edgar
PB - Springer Verlag
T2 - 20th European Symposium on Research in Computer Security, ESORICS 2015
Y2 - 21 September 2015 through 25 September 2015
ER -