Leveraging real-life facts to make random passwords more memorable

Mahdi Nasrullah Al-Ameen, Kanis Fatema, Matthew Wright, Shannon Scielzo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Citation (Scopus)

Abstract

User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.

Original language: English (US)
Title of host publication: Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings
Publisher: Springer Verlag
Pages: 438-455
Number of pages: 18
Volume: 9327
ISBN (Print): 9783319241760
DOIs: https://doi.org/10.1007/978-3-319-24177-7_22
State: Published - Jan 1 2015
Event: 20th European Symposium on Research in Computer Security, ESORICS 2015 - Vienna, Austria
Duration: Sep 21 2015 - Sep 25 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9327
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 20th European Symposium on Research in Computer Security, ESORICS 2015
Country: Austria
City: Vienna
Period: 9/21/15 - 9/25/15

Keywords

  • Memorability
  • System-assigned passwords
  • Usable security
  • Verbal cues

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Al-Ameen, M. N., Fatema, K., Wright, M., & Scielzo, S. (2015). Leveraging real-life facts to make random passwords more memorable. In Computer Security – ESORICS 2015 - 20th European Symposium on Research in Computer Security, Proceedings (Vol. 9327, pp. 438-455). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9327). Springer Verlag. https://doi.org/10.1007/978-3-319-24177-7_22
