Sage Journals: Discover world-class research

Abstract

Participants in this study were assigned to one of three different password generation groups: image-based mnemonic, text-based mnemonic, or proactive password checking restrictions alone; and asked to generate and later recall passwords for five separate fictitious online accounts. Password accuracy and recall time were measured following both a short-term (10-minute) and long-term (1-week) delay. Results indicated that passwords were more quickly generated and accurately recalled when they were generated using the image-based mnemonic technique or proactive password restrictions alone, as opposed to the text-based mnemonic technique. Furthermore, use of the image-based mnemonic technique resulted in the generation of passwords that were more resistant to forgetting. Implications and future research considerations are discussed.

Get full access to this article

View all access options for this article.

References

Davis

(2007). Hackers take down the most wired country in europe. Wired Magazine: Issue 15.09. Retrieved November, 30, 2007 from: http://www.Wired.com/politics/security/magazine/15–09/ff_estonia.

Florêncio

Herley

(2007). A large scale study of web password habits. WWW 2007, May 8–12, 2007, Banff, BC.

Grimes

R. A.

(2006). MySpace password exploit: Crunching the numbers (and letters). Retrieved November 30, 2007, from: http://www.InfoWorld.com/article/06/11/17/47OPsecadvise_1.html.

Ives

Walsh

K. R.

Schneider

(2004). The domino effect of password reuse. Communications of the ACM, 47(4), 75–78.

Klein

D. V.

(1990). Foiling the cracker: A survey of, and improvements to, password security. In Proceedings of the 2nd Usenix Workshop on Security, 1990.

Morris

Thompson

(1979). Password security: A case history. Communications of the ACM, 22, 594–597.

Proctor

R. W.

Lien

M.-C.

K.-P. L.

Schultz

E. E.

Salvendy

(2002). Improving computer security for authentication of users: Influence of proactive password restrictions. Journal of Behavior Research Methods, Instruments, & Computers, 34 (2), 163–169.

Sasse

M. A.

Brostoff

Werrich

(2001). Transforming the ‘weakest link’: A human-computer interaction approach to usable & effective security. BT Technology Journal, 19, 122–131.

Schneier

(2000). Secrets and lies. New York: John Wiley and Sons.

10.

K.-P. L.

Garcia

F. P.

Nelson

Sulaitis

Creekmur

Chambers

Proctor

R. W.

(2007). Examining user privacy practices while shopping online: What are users looking for? In Smith

M. J.

Salvendy

, Human Interface, Part II, HCII 2007, Lecture Notes in Computer Science 4558 (pp. 792–801). Berlin: Springer-Verlag.

11.

K.-P. L.

Proctor

R. W.

Bhargav-Spantzel

Tai

B.-L.

Cook

Schultz

E. E.

(2007). Improving password security & memorability to protect personal & organizational information. International Journal of Human-Computer Studies, 65, 744–757.

12.

Yan

Blackwell

Anderson

Grant

(2005). The memorability & security of passwords – Empirical results. Security & Privacy Magazine, IEEE, Volume 2, Issue 5.

Use of Image-based Mnemonic Techniques to Enhance the Memorability of User-generated Passwords

Abstract

Get full access to this article

References