Towards Making Random Passwords Memorable: Leveraging Users' Cognitive Ability Through Multiple Cues
Abstract
Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38.0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.
- Publication:
-
arXiv e-prints
- Pub Date:
- March 2015
- DOI:
- 10.48550/arXiv.1503.02314
- arXiv:
- arXiv:1503.02314
- Bibcode:
- 2015arXiv150302314N
- Keywords:
-
- Computer Science - Human-Computer Interaction;
- K.6.5
- E-Print:
- Will appear at CHI 2015 Conference, to be held at Seoul, Korea