English

Towards Making Random Passwords Memorable: Leveraging Users' Cognitive Ability Through Multiple Cues

Human-Computer Interaction 2015-03-10 v1

Abstract

Given the choice, users produce passwords reflecting common strategies and patterns that ease recall but offer uncertain and often weak security. System-assigned passwords provide measurable security but suffer from poor memorability. To address this usability-security tension, we argue that systems should assign random passwords but also help with memorization and recall. We investigate the feasibility of this approach with CuedR, a novel cued-recognition authentication scheme that provides users with multiple cues (visual, verbal, and spatial) and lets them choose the cues that best fit their learning process for later recognition of system-assigned keywords. In our lab study, all 37 of our participants could log in within three attempts one week after registration (mean login time: 38.0 seconds). A pilot study on using multiple CuedR passwords also showed 100% recall within three attempts. Based on our results, we suggest appropriate applications for CuedR, such as financial and e-commerce accounts.

Keywords

Cite

@article{arxiv.1503.02314,
  title  = {Towards Making Random Passwords Memorable: Leveraging Users' Cognitive Ability Through Multiple Cues},
  author = {Mahdi Nasrullah Al-Ameen and Matthew Wright and Shannon Scielzo},
  journal= {arXiv preprint arXiv:1503.02314},
  year   = {2015}
}

Comments

Will appear at CHI 2015 Conference, to be held at Seoul, Korea

R2 v1 2026-06-22T08:47:02.650Z