Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues

Mahdi Nasrullah Al-Ameen, Matthew Wright, Shannon Scielzo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

15 Scopus citations

Abstract

Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.

Original languageEnglish (US)
Title of host publicationCHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems
Subtitle of host publicationCrossings
PublisherAssociation for Computing Machinery
Pages2315-2324
Number of pages10
ISBN (Electronic)9781450331456
DOIs
StatePublished - Apr 18 2015
Event33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015 - Seoul, Korea, Republic of
Duration: Apr 18 2015Apr 23 2015

Publication series

NameConference on Human Factors in Computing Systems - Proceedings
Volume2015-April

Other

Other33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015
CountryKorea, Republic of
CitySeoul
Period4/18/154/23/15

    Fingerprint

Keywords

  • Authentication
  • Cued-recognition
  • Usable security

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Graphics and Computer-Aided Design

Cite this

Al-Ameen, M. N., Wright, M., & Scielzo, S. (2015). Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues. In CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings (pp. 2315-2324). (Conference on Human Factors in Computing Systems - Proceedings; Vol. 2015-April). Association for Computing Machinery. https://doi.org/10.1145/2702123.2702241