Document Type

Article

Journal/Book Title/Conference

Behaviour & Information Technology

Publisher

Taylor & Francis

Publication Date

12-9-2020

First Page

1

Last Page

33

Creative Commons License

Creative Commons Attribution-Noncommercial 4.0 License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License

Abstract

User-chosen passwords reflecting common strategies and patterns ease memorization but offer uncertain and often weak security, while system-assigned passwords provide higher security guarantee but suffer from poor memorability. We thus examine the technique to enhance password memorability that incorporates a scientific understanding of long-term memory. In particular, we examine the efficacy of providing users with verbal cues—real-life facts corresponding to system-assigned keywords. We also explore the usability gain of including images related to the keywords along with verbal cues. In our multi-session lab study with 52 participants, textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94.23%) compared to the control condition, i.e., textual recognition without verbal cues (61.54%). We found that when users were provided with verbal cues, adding images contributed to faster recognition of the assigned keywords, and thus had an overall improvement in usability. So, we conducted a field study with 54 participants to further examine the usability of graphical recognition-based scheme offering verbal cues, which showed an average login success rate of 98% in a real-life setting and an overall improvement in login performance with more login sessions. These findings show a promising research direction to gain high memorability for system-assigned passwords.

Comments

This is an Accepted Manuscript version of the following article, accepted for publication in Behaviour & Information Technology. Mahdi Nasrullah Al-Ameen, Sonali T. Marne, Kanis Fatema, Matthew Wright & Shannon Scielzo (2020) On improving the memorability of system-assigned recognition-based passwords, Behaviour & Information Technology, DOI: 10.1080/0144929X.2020.1858161. It is deposited under the terms of the Creative Commons Attribution-NonCommercial License (http://creativecommons.org/licenses/by-nc/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited.

Share

COinS