The need for secure and usable cognitive password systems has been recognized for many years. While graphical passwords present one promising approach, this study focuses on the use of short stories to create “narrative passwords”. Users are presented with a flash fiction (<1000 words) that contains interchangeable elements randomly selected for their story. These elements form the password to be remembered later, while the remainder of the story serves as a memory context to create a strong binding of the items in memory. The results of an initial pilot study using narrative passwords show that participants can retain a sufficient amount of information over a period greater than a week. The system itself acts as a memory cue, such that recognition memory performance has the potential to increase over time.
Get full access to this article
View all access options for this article.
References
1.
AdamsA.SasseM.A.LuntP. (1997) Making passwords secure and usable. In ThimblebyH.O’ConnailB.ThomasP. (eds), People and Computers XII: Proceedings of HCI1997, 1-19.
2.
BiddleR.ChiassonS.van OorschotP.C. (2011). Graphical Passwords: Learning from the First Twelve Years. ACM Computing Surveys44(4)
3.
BurrW. E.DodsonD. F.PolkW. T. (2006). Electronic Authentication Guideline. NIST Special Publication.
4.
De AngeliA.CoventryL.JohnsonG.RenaudK. (2005). Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human Computer Studies, 63, 128-152.
5.
FletcherC. R.ChryslerS. T. (1990). Surface Forms, Textbases, and Situation Models: Recognition Memory for Three Types of Textual Information. Discourse Process, 175-90.
6.
FlorencioD.HerleyC. (2007). A large-scale study of web password habits. WWW 2007, May8–12, 2007, Banff, Alberta, Canada.
7.
HooverC.MinardN.HsuT.WernerS. (2013) Using an Adaptive Recognition Approach to Measure Information Retention in Story-based Passwords. Poster session presented at the Northwest Cognition and Memory Conference, Vancouver B.C.
8.
JohnsonK.WernerS. (2013). Computer Security and Human Memory - Optimizing Password Systems for Users. In Press.
9.
JohnsonK.WernerS. (2006). Using Composite scene authentication (CSA) as a graphical alternative to alphanumeric password systems. In Proceedings of the 50th annual meeting of the Human Factors and Ergonomics Society. San Francisco, CA. (2006)
10.
JohnsonK.WernerS. (2007). Memorability of alphanumeric and Composite Scene Authentication (CSA) passcodes over extended retention intervals. In Proceedings of the 51st annual meeting of the Human Factors and Ergonomics Society. Baltimore, MD. (2007)
11.
JohnsonK.WernerS. (2008). Graphical User Authentication – A comparative evaluation of Composite Scene Authentication (CSA) vs. three competing graphical passcode systems (Passfaces, VIP, PassPoints). In Proceedings of the 52nd annual meeting of the Human Factors and Ergonomics Society. Baltimore, MD.
12.
JosangA.AlFayyadhB.GrandisonT.AlZomaiM.McNamaraJ. (2007). Security Usability Principles for. Proceedings of the Annual Computer Security Applications Conference. Miami Beach.
13.
KeithM.ShaoB.SteinbartP. J. (2007). The usability of passphrases for authentication: An empirical field study. International Journal of Human-Computer Studies. 65(1), 17-28.
14.
KintschW. (1974). The Representation of Meaning in Memory. Hillsdale: Lawrence Erlbaum Associates, Inc.
15.
KintschW. (1998). Comprehension. Cambridge: Cambridge University Press.
RadvanskyG. A.ZacksR. T. (1991). Mental Models and Fact Retrieval. Journal of Experimental Psychology Learning Memory and Cognition, 940-53.
18.
RadvanskyG. A.SpielerD. H.ZacksR. T. (1993). Mental Model Organization. Journal of Experimental Psychology Learning Memory and Cognition, 95-114.
19.
RasmussenR.AaronG. (2013). Global Phishing Survey: Trends and Domain Name Use in 1H2013. Lexington: Anti-Phishing Working Group.
20.
RenaudK.De AngeliA. (2004). My password is here! An investigation into visuo-spatial authentication mechanisms. Interacting With Computers, 16, 1017-1041.
21.
ShepardR. N. (1967). Recognition memory for words, sentences, and pictures. Journal of Verbal Learning and Verbal Behavior, 6, 156-163.
22.
van DijkT. A.KintschW. (1983). Strategies of Discourse and Comprehension. New York: New York Academy Press.
23.
WrightN.PatrickA.BiddleR. (2012). Do You See Your Password? Applying Recognition to Textual Passwords. Symposium on Usable Privacy and Security, (pp. 1-14). Washington D.C.
