Too many passwords? : How understanding our memory can increase password memorability
Woods, N., & Siponen, M. (2018). Too many passwords? : How understanding our memory can increase password memorability. International Journal of Human-Computer Studies, 111, 36-48. https://doi.org/10.1016/j.ijhcs.2017.11.002
Published in
International Journal of Human-Computer StudiesDate
2018Discipline
KognitiotiedeTietojärjestelmätiedeEmpirical Cyber Security and Software EngineeringKyberturvallisuusCognitive ScienceInformation Systems ScienceEmpirical Cyber Security and Software EngineeringCyber securityCopyright
© 2017 Elsevier Ltd. This is a final draft version of an article whose final and definitive form has been published by Elsevier. Published in this repository with the kind permission of the publisher.
Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users’ memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related to memory performance, but to users’ inaccurate perception of their memory, then future research needs to examine why this is the case and how such false perception can be improved. In this paper we examined this conundrum by contextualizing the memory theory of metamemory, to the password security context. We argue, based on our contextualized metamemory theory, that the recall of multiple passwords is not related to users’ memory capabilities, and therefore users are able to actually remember more passwords than they think. Instead, we argue that users’ perceptions of their memories abilities, in terms of password memory capacity; perceived control over their memory; motivation to remember; and their understanding of their memory, explains why users cannot remember their passwords. We tested our contextualized metamemory theory in the password security context through a longitudinal experiment, examining over 3500 passwords. The results suggest that our contextualized metamemory theory, rather than the general metamemory theory explains password recall. This study has important implications for research in password security, and practice.
...
Publisher
Academic PressISSN Search the Publication Forum
1071-5819Keywords
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/27374803
Metadata
Show full item recordCollections
Related items
Showing items with similar title or keywords.
-
How Memory Anxiety Can Influence Password Security Behavior
Woods, Naomi; Siponen, Mikko (Elsevier, 2024)Password reuse and modification are insecure password behaviors that are becoming increasingly prevalent as users are obliged to remember more passwords to access various digital services. Many users adopt these risky ... -
Frequently Using Passwords Increases Their Memorability - A False Assumption or Reality?
Woods, Naomi (AIS Electronic Library (AISeL), 2017)Password memorability is a significant problem that is getting worse as the numbers grow. As a direct result of memory limitations, adopted insecure password practices have substantial consequences as organizations lose ... -
The Light Side of Passwords : Turning Motivation from the Extrinsic to the Intrinsic
Woods, Naomi (Association for Information Systems, 2019)There are many good and bad aspects to password authentication. They are mostly without cost, securing many accounts and systems, and allowing users access from anywhere in the world. However, passwords can elicit dark ... -
Improving the security of multiple passwords through a greater understanding of the human memory
Woods, Naomi (University of Jyväskylä, 2016)Multiple passwords are an increasing security issue that will only get worse with time. One of the major factors that compromise multiple passwords is users’ memory, and the behaviors they adopt to compensate for its ... -
Enhancing the user authentication process with colour memory cues
Woods, Naomi; Silvennoinen, Johanna (Taylor & Francis, 2023)The authentication process is the first line of defence against potential impostors, and therefore is an important concern when protecting personal and organisational data. Although there are many options to authenticate ...