Improving the security of multiple passwords through a greater understanding of the human memory
Multiple passwords are an increasing security issue that will only get worse with time. One of the major factors that compromise multiple passwords is users’ memory, and the behaviors they adopt to compensate for its failures. Through studying memory elements that influence users’ password memorability, we may increase our understanding of the user and therefore make proposals to increase the security of the password authentication mechanism. This dissertation examines the human memory to understand password security behaviors; and moreover, develops new theories and revises prominent memory theories for the password context. This research employs memory theories to not only increase the memorability of passwords, but to also improve the security of them by means of three studies that examine users’ beliefs and awareness (metamemory) about how their memory affects their password memorability and insecure password behavior; and look to increasing password memorability through improving learning (repetition through verification), and retrieval (through uniqueness). Empirical longitudinal studies collecting objective and subjective data measuring password recall (over 10000 passwords), memory interference, memory performance, memory beliefs, user convenience, and insecure password behavior. Through collecting objective password recall data, the results of these studies challenge users’ preconceptions about justifying their adoption of insecure password behaviors. Furthermore, it challenges the assumption of trade-offs between password security, memorability and user convenience found in previous password research. In meeting the objectives of the dissertation, this research has significant practical implications for organizations and individual users. Through a greater understanding of the human memory this can inform users to adopt better password security practices. The implications of these results suggest how to increase password memorability, how to decrease password forgetting, and how to decrease insecure password behaviors and the consequences of such insecure behaviors (such as security breaches). ...
PublisherUniversity of Jyväskylä
MetadataShow full item record
- Väitöskirjat 
Showing items with similar title or keywords.
Woods, Naomi (Association for Information Systems, 2019)There are many good and bad aspects to password authentication. They are mostly without cost, securing many accounts and systems, and allowing users access from anywhere in the world. However, passwords can elicit dark ...
Woods, Naomi; Siponen, Mikko (Academic Press, 2018)Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such ...
Woods, Naomi; Siponen, Mikko (Academic Press, 2019)Passwords are the most frequently used authentication mechanism. However, due to increased password numbers, there has been an increase in insecure password behaviors (e.g., password reuse). Therefore, new and innovative ...
Woods, Naomi; Siponen, Mikko (Elsevier, 2024)Password reuse and modification are insecure password behaviors that are becoming increasingly prevalent as users are obliged to remember more passwords to access various digital services. Many users adopt these risky ...
Temonen, Saku (2020)Ihmisten tietoturva kautta maailman riippuu salasanojen varassa, mutta salasana todennusmenetelmänä toimii tarkoitetulla tavalla vain, jos käyttäjät noudattavat turvallisia salasanakäytänteitä. Siitä huolimatta tietoturvan ...