Improving Password Memorability, While Not Inconveniencing the User
Woods, N., & Siponen, M. (2019). Improving Password Memorability, While Not Inconveniencing the User. International Journal of Human-Computer Studies, 128, 61-71. https://doi.org/10.1016/j.ijhcs.2019.02.003
Published in
International Journal of Human-Computer StudiesDate
2019Discipline
Empirical Cyber Security and Software EngineeringTietojärjestelmätiedeKyberturvallisuusEmpirical Cyber Security and Software EngineeringInformation Systems ScienceCyber securityCopyright
© 2019 Elsevier Ltd.
Passwords are the most frequently used authentication mechanism. However, due to
increased password numbers, there has been an increase in insecure password behaviors (e.g.,
password reuse). Therefore, new and innovative ways are needed to increase password
memorability and security. Typically, users are asked to input their passwords once in order
to access the system, and twice to verify the password, when they create a new account. But
what if users were asked to input their passwords three or four times when they create new
accounts? In this study, three groups of participants were asked to verify their passwords
once (control group), twice, and three times (two experimental groups). Psychological
literature suggests that applying repetition in learning to the password process has significant
effects on password memorability. However, previous password research has found a tradeoff between password security and memorability, and more recently, user convenience. Our
results suggest that verifying passwords three times can increase password memorability
from 42% (verifying passwords just once as with current practices) to 70%. Even by
increasing the verification to just two times can increase password memorability by 17%.
However, we found that through increasing the number of verifications did not equate to a
decrease in user convenience. What this means is that small changes to the password
verification stage can have significant results on password memorability while not
necessarily inconveniencing the user. The implications of these results could ultimately have
a positive effect on password security, and the consequences of forgetting passwords.
...
Publisher
Academic PressISSN Search the Publication Forum
1071-5819Keywords
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/28913605
Metadata
Show full item recordCollections
License
Related items
Showing items with similar title or keywords.
-
How Memory Anxiety Can Influence Password Security Behavior
Woods, Naomi; Siponen, Mikko (Elsevier, 2024)Password reuse and modification are insecure password behaviors that are becoming increasingly prevalent as users are obliged to remember more passwords to access various digital services. Many users adopt these risky ... -
The Light Side of Passwords : Turning Motivation from the Extrinsic to the Intrinsic
Woods, Naomi (Association for Information Systems, 2019)There are many good and bad aspects to password authentication. They are mostly without cost, securing many accounts and systems, and allowing users access from anywhere in the world. However, passwords can elicit dark ... -
Frequently Using Passwords Increases Their Memorability - A False Assumption or Reality?
Woods, Naomi (AIS Electronic Library (AISeL), 2017)Password memorability is a significant problem that is getting worse as the numbers grow. As a direct result of memory limitations, adopted insecure password practices have substantial consequences as organizations lose ... -
Improving the security of multiple passwords through a greater understanding of the human memory
Woods, Naomi (University of Jyväskylä, 2016)Multiple passwords are an increasing security issue that will only get worse with time. One of the major factors that compromise multiple passwords is users’ memory, and the behaviors they adopt to compensate for its ... -
Too many passwords? : How understanding our memory can increase password memorability
Woods, Naomi; Siponen, Mikko (Academic Press, 2018)Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such ...