How Memory Anxiety Can Influence Password Security Behavior

Abstract

Password reuse and modification are insecure password behaviors that are becoming increasingly prevalent as users are obliged to remember more passwords to access various digital services. Many users adopt these risky behaviors as a memory strategy in the belief that they have too many passwords for their memories to cope with. One important avenue in password research is metamemory, which encompasses the knowledge and understanding of memory capabilities and strategies. Previous research on password metamemory has examined the role that metamemory plays in memory performance (i.e., how well memory performs) and password recall. However, no previous research to date has investigated whether password reuse and modification are adopted as memory strategies due to an increase in knowledge and understanding of metamemory. To address this gap, two survey studies (Study1: N=50, Study 2: N=303) were implemented to examine the role that password metamemory plays in reusing and modifying passwords. Our findings suggest that of all metamemory constructs, users’ anxiety regarding their perceived ability to remember passwords can influence them to reuse and modify their passwords. These findings have potentially important implications because with an enhanced understanding of how users’ anxiety towards remembering passwords influences their security behavior, this could identify means of reducing password reuse and modification, thereby increasing password security and ultimately reduce some of the consequences of insecure password behaviors.