Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues

Mahdi Nasrullah Al-Ameen; Matthew Wright; Shannon Scielzo

doi:10.1145/2702123.2702241

Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues

Mahdi Nasrullah Al-Ameen, Matthew Wright, Shannon Scielzo

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

35 Scopus citations

Abstract

Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.

Original language	English (US)
Title of host publication	CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems
Subtitle of host publication	Crossings
Publisher	Association for Computing Machinery
Pages	2315-2324
Number of pages	10
ISBN (Electronic)	9781450331456
DOIs	https://doi.org/10.1145/2702123.2702241
State	Published - Apr 18 2015
Event	33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015 - Seoul, Korea, Republic of Duration: Apr 18 2015 → Apr 23 2015

Publication series

Name	Conference on Human Factors in Computing Systems - Proceedings
Volume	2015-April

Other

Other	33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015
Country/Territory	Korea, Republic of
City	Seoul
Period	4/18/15 → 4/23/15

Keywords

Authentication
Cued-recognition
Usable security

ASJC Scopus subject areas

Software
Human-Computer Interaction
Computer Graphics and Computer-Aided Design

Access to Document

10.1145/2702123.2702241

Cite this

Al-Ameen, M. N., Wright, M., & Scielzo, S. (2015). Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues. In CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings (pp. 2315-2324). (Conference on Human Factors in Computing Systems - Proceedings; Vol. 2015-April). Association for Computing Machinery. https://doi.org/10.1145/2702123.2702241

Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues. / Al-Ameen, Mahdi Nasrullah; Wright, Matthew; Scielzo, Shannon.
CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Association for Computing Machinery, 2015. p. 2315-2324 (Conference on Human Factors in Computing Systems - Proceedings; Vol. 2015-April).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Al-Ameen, MN, Wright, M & Scielzo, S 2015, Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues. in CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Conference on Human Factors in Computing Systems - Proceedings, vol. 2015-April, Association for Computing Machinery, pp. 2315-2324, 33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015, Seoul, Korea, Republic of, 4/18/15. https://doi.org/10.1145/2702123.2702241

Al-Ameen MN, Wright M, Scielzo S. Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues. In CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Association for Computing Machinery. 2015. p. 2315-2324. (Conference on Human Factors in Computing Systems - Proceedings). doi: 10.1145/2702123.2702241

Al-Ameen, Mahdi Nasrullah ; Wright, Matthew ; Scielzo, Shannon. / Towards making random passwords memorable : Leveraging users' cognitive ability through multiple cues. CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Association for Computing Machinery, 2015. pp. 2315-2324 (Conference on Human Factors in Computing Systems - Proceedings).

@inproceedings{761509212cd84c0fa3d66316de22c79f,

title = "Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues",

abstract = "Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.",

keywords = "Authentication, Cued-recognition, Usable security",

author = "Al-Ameen, {Mahdi Nasrullah} and Matthew Wright and Shannon Scielzo",

year = "2015",

month = apr,

day = "18",

doi = "10.1145/2702123.2702241",

language = "English (US)",

series = "Conference on Human Factors in Computing Systems - Proceedings",

publisher = "Association for Computing Machinery",

pages = "2315--2324",

booktitle = "CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems",

}

TY - GEN

T1 - Towards making random passwords memorable

T2 - 33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015

AU - Al-Ameen, Mahdi Nasrullah

AU - Wright, Matthew

AU - Scielzo, Shannon

PY - 2015/4/18

Y1 - 2015/4/18

N2 - Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.

AB - Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38:0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.

KW - Authentication

KW - Cued-recognition

KW - Usable security

UR - http://www.scopus.com/inward/record.url?scp=84951082067&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84951082067&partnerID=8YFLogxK

U2 - 10.1145/2702123.2702241

DO - 10.1145/2702123.2702241

M3 - Conference contribution

AN - SCOPUS:84951082067

T3 - Conference on Human Factors in Computing Systems - Proceedings

SP - 2315

EP - 2324

BT - CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems

PB - Association for Computing Machinery

Y2 - 18 April 2015 through 23 April 2015

ER -

Towards making random passwords memorable: Leveraging users' cognitive ability through multiple cues

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this