Too many passwords? : How understanding our memory can increase password memorability
Woods, N., & Siponen, M. (2018). Too many passwords? : How understanding our memory can increase password memorability. International Journal of Human-Computer Studies, 111, 36-48. https://doi.org/10.1016/j.ijhcs.2017.11.002
Published inInternational Journal of Human-Computer Studies
© 2017 Elsevier Ltd. This is a final draft version of an article whose final and definitive form has been published by Elsevier. Published in this repository with the kind permission of the publisher.
Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users’ memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related to memory performance, but to users’ inaccurate perception of their memory, then future research needs to examine why this is the case and how such false perception can be improved. In this paper we examined this conundrum by contextualizing the memory theory of metamemory, to the password security context. We argue, based on our contextualized metamemory theory, that the recall of multiple passwords is not related to users’ memory capabilities, and therefore users are able to actually remember more passwords than they think. Instead, we argue that users’ perceptions of their memories abilities, in terms of password memory capacity; perceived control over their memory; motivation to remember; and their understanding of their memory, explains why users cannot remember their passwords. We tested our contextualized metamemory theory in the password security context through a longitudinal experiment, examining over 3500 passwords. The results suggest that our contextualized metamemory theory, rather than the general metamemory theory explains password recall. This study has important implications for research in password security, and practice. ...
Publication in research information system
MetadataShow full item record
Showing items with similar title or keywords.
Woods, Naomi (Association for Information Systems, 2019)There are many good and bad aspects to password authentication. They are mostly without cost, securing many accounts and systems, and allowing users access from anywhere in the world. However, passwords can elicit dark ...
Woods, Naomi (University of Jyväskylä, 2016)Multiple passwords are an increasing security issue that will only get worse with time. One of the major factors that compromise multiple passwords is users’ memory, and the behaviors they adopt to compensate for its ...
Woods, Naomi (AIS Electronic Library (AISeL), 2017)Password memorability is a significant problem that is getting worse as the numbers grow. As a direct result of memory limitations, adopted insecure password practices have substantial consequences as organizations lose ...
Siponen, Mikko; Puhakainen, Petri; Vance, Anthony (Elsevier Advanced Technology, 2020)Individuals’ lack of adherence to password security policy is a persistent problem for organizations. This problem is especially worrisome because passwords remain the primary authentication mechanism for information ...
Woods, Naomi; Siponen, Mikko (Elsevier, 2024)Password reuse and modification are insecure password behaviors that are becoming increasingly prevalent as users are obliged to remember more passwords to access various digital services. Many users adopt these risky ...