Improving the security of multiple passwords through a greater understanding of the human memory

Multiple passwords are an increasing security issue that will only get worse with time. One of the major factors that compromise multiple passwords is users’ memory, and the behaviors they adopt to compensate for its failures. Through studying memory elements that influence users’ password memorability, we may increase our understanding of the user and therefore make proposals to increase the security of the password authentication mechanism. This dissertation examines the human memory to understand password security behaviors; and moreover, develops new theories and revises prominent memory theories for the password context. This research employs memory theories to not only increase the me…

Frequently Using Passwords Increases Their Memorability - A False Assumption or Reality?

Password memorability is a significant problem that is getting worse as the numbers grow. As a direct result of memory limitations, adopted insecure password practices have substantial consequences as organizations lose millions to security breaches and helpdesk costs. IS research has examined memory theories to increase the memorability of passwords. However, in our research we have discovered some anomalous findings. It is commonly known that more frequently and recently recalled information is more easily remembered (assumed for password recall also); our previously collected objective data revealed no effect on password recall. This study will strive to confirm whether or not password m…

Disadvantaged by Disability: Examining the Accessibility of Cyber Security

Today, we are living in a digitally dependent world. Through the use of digital technologies, life is meant to be easier and streamlined. This includes giving access to services that previously were unavailable to many due to disability. Although technology has evolved immensely over the past few decades, reducing the digital divide, authentication methods have changed very little. Authentication is the forefront of securing users’ information, services and technology, yet for many it still poses issues in terms of usability and security, due to specific characteristics of different disabilities. In this paper, drawing upon a literature review, a review of recognized disabilities, and the r…

Too many passwords? : How understanding our memory can increase password memorability

Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users’ memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related to memory…

Improving Password Memorability, While Not Inconveniencing the User

Abstract Passwords are the most frequently used authentication mechanism. However, due to increased password numbers, there has been an increase in insecure password behaviors (e.g., password reuse). Therefore, new and innovative ways are needed to increase password memorability and security. Typically, users are asked to input their passwords once in order to access the system, and twice to verify the password, when they create a new account. But what if users were asked to input their passwords three or four times when they create new accounts? In this study, three groups of participants were asked to verify their passwords once (control group), twice, and three times (two experimental gr…

The Light Side of Passwords : Turning Motivation from the Extrinsic to the Intrinsic

There are many good and bad aspects to password authentication. They are mostly without cost, securing many accounts and systems, and allowing users access from anywhere in the world. However, passwords can elicit dark side phenomena, including security technostress; with many users feeling negatively towards them, as they struggle to cope with the sheer numbers required in their everyday lives. Much research has attempted to understand users’ interactions with passwords, examining the trade-off between security, memorability, user convenience, and suggesting techniques to manage them better. However, users continue to struggle. Many studies have shown that users are more concerned with goa…

Too many passwords? How understanding our memory can increase password memorability

Abstract Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users’ memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related …

User Psychology Lab, University of Jyväskylä

Enhancing the user authentication process with colour memory cues

The authentication process is the first line of defence against potential impostors, and therefore is an important concern when protecting personal and organisational data. Although there are many options to authenticate digital users, passwords remain the most common authentication mechanism. However, with password numbers increasing, many users struggle with remembering multiple passwords, which affects their security behaviour. Previous researchers and practitioners have attempted to suggest ways to improve password memorability and security simultaneously. We introduce novel approach that utilises colour as a memory cue to increase password memorability and security. A longitudinal stud…

Improving Password Memorability, While Not Inconveniencing the User

Passwords are the most frequently used authentication mechanism. However, due to increased password numbers, there has been an increase in insecure password behaviors (e.g., password reuse). Therefore, new and innovative ways are needed to increase password memorability and security. Typically, users are asked to input their passwords once in order to access the system, and twice to verify the password, when they create a new account. But what if users were asked to input their passwords three or four times when they create new accounts? In this study, three groups of participants were asked to verify their passwords once (control group), twice, and three times (two experimental groups). Ps…