Effectiveness of image-based mnemonic techniques for enhancing the memorability and security of user-generated passwords

Authors:
Deborah Nelson;Kim-Phuong L. Vu
Affiliations:
Sage North America, 80 Technology Drive, Irvine CA 92618, USA;Department of Psychology, California State University Long Beach, 1250 N Bellflower Blvd., Long Beach, CA 90840, USA
Venue:
Computers in Human Behavior
Year:
2010

Citing 11
Cited 3

Passwords in use in a university timesharing environment

Computers and Security
Password security: a case history

Communications of the ACM
Safe and sound: a safety-critical approach to security

Proceedings of the 2001 workshop on New security paradigms
The domino effect of password reuse

Communications of the ACM - Human-computer etiquette
Password Memorability and Security: Empirical Results

IEEE Security and Privacy
Using personal photos as pictorial passwords

CHI '05 Extended Abstracts on Human Factors in Computing Systems
PassPoints: design and longitudinal evaluation of a graphical password system

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Déjà Vu: a user study using images for authentication

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Improving password security and memorability to protect personal and organizational information

International Journal of Human-Computer Studies
Examining user privacy practices while shopping online: what are users looking for?

Proceedings of the 2007 conference on Human interface: Part II

Assessment of E-Commerce security using AHP and evidential reasoning

Expert Systems with Applications: An International Journal
On authentication factors: "what you can" and "how you do it"

Proceedings of the 6th International Conference on Security of Information and Networks
The influence of password restrictions and mnemonics on the memory for passwords of older adults

HCI International'13 Proceedings of the 15th international conference on Human Interface and the Management of Information: information and interaction design - Volume Part I

Quantified Score

Hi-index	0.00

Visualization

Abstract

Complex passwords are hard to remember, so people often pick simple passwords, write complex ones down, and reuse the same password across multiple accounts. Proactive password checking (PPC) restrictions and mnemonic techniques can enhance password security and memorability. Participants in this study were assigned to one of three password generation groups: PPC restrictions alone, image-based mnemonic, or text-based mnemonic. They were asked to generate and later recall passwords for five separate fictitious online accounts. The use of mnemonic techniques resulted in the generation of longer and more complex passwords. Furthermore, passwords were more accurately recalled when they were generated using the image-based mnemonic technique or PPC restrictions alone, as opposed to the text-based mnemonic technique. However, passwords generated using PPC restrictions alone were more easily forgotten and susceptible to being cracked. Thus, the image-based mnemonic technique was shown to be the most effective method for generating secure and memorable passwords.