Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues

Mahdi Nasrullah Al-Ameen, Matthew Wright, Shannon Scielzo

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Citations (Scopus)

Abstract

Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.

Original languageEnglish (US)
Title of host publicationCHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems
Subtitle of host publicationCrossings
PublisherAssociation for Computing Machinery
Pages2315-2324
Number of pages10
Volume2015-April
ISBN (Electronic)9781450331456
DOIs
StatePublished - Apr 18 2015
Event33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015 - Seoul, Korea, Republic of
Duration: Apr 18 2015Apr 23 2015

Other

Other33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015
CountryKorea, Republic of
CitySeoul
Period4/18/154/23/15

Fingerprint

Authentication

Keywords

  • Authentication
  • Cued-recognition
  • Usable security

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Graphics and Computer-Aided Design

Cite this

Al-Ameen, M. N., Wright, M., & Scielzo, S. (2015). Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues. In CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings (Vol. 2015-April, pp. 2315-2324). Association for Computing Machinery. https://doi.org/10.1145/2702123.2702241

Towards making random passwords memorable : Leveraging users' cognitive ability through multiple cues. / Al-Ameen, Mahdi Nasrullah; Wright, Matthew; Scielzo, Shannon.

CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Vol. 2015-April Association for Computing Machinery, 2015. p. 2315-2324.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Al-Ameen, MN, Wright, M & Scielzo, S 2015, Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues. in CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. vol. 2015-April, Association for Computing Machinery, pp. 2315-2324, 33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015, Seoul, Korea, Republic of, 4/18/15. https://doi.org/10.1145/2702123.2702241
Al-Ameen MN, Wright M, Scielzo S. Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues. In CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Vol. 2015-April. Association for Computing Machinery. 2015. p. 2315-2324 https://doi.org/10.1145/2702123.2702241
Al-Ameen, Mahdi Nasrullah ; Wright, Matthew ; Scielzo, Shannon. / Towards making random passwords memorable : Leveraging users' cognitive ability through multiple cues. CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Vol. 2015-April Association for Computing Machinery, 2015. pp. 2315-2324
@inproceedings{761509212cd84c0fa3d66316de22c79f,
title = "Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues",
abstract = "Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100{\%} recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.",
keywords = "Authentication, Cued-recognition, Usable security",
author = "Al-Ameen, {Mahdi Nasrullah} and Matthew Wright and Shannon Scielzo",
year = "2015",
month = "4",
day = "18",
doi = "10.1145/2702123.2702241",
language = "English (US)",
volume = "2015-April",
pages = "2315--2324",
booktitle = "CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems",
publisher = "Association for Computing Machinery",

}

TY - GEN

T1 - Towards making random passwords memorable

T2 - Leveraging users' cognitive ability through multiple cues

AU - Al-Ameen, Mahdi Nasrullah

AU - Wright, Matthew

AU - Scielzo, Shannon

PY - 2015/4/18

Y1 - 2015/4/18

N2 - Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.

AB - Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.

KW - Authentication

KW - Cued-recognition

KW - Usable security

UR - http://www.scopus.com/inward/record.url?scp=84951082067&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84951082067&partnerID=8YFLogxK

U2 - 10.1145/2702123.2702241

DO - 10.1145/2702123.2702241

M3 - Conference contribution

AN - SCOPUS:84951082067

VL - 2015-April

SP - 2315

EP - 2324

BT - CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems

PB - Association for Computing Machinery

ER -