5 research outputs found

    Password Memorability and Strength using an Image

    In this study, the goal was to determine if the use of an image may help the average user to create strong and unique passwords, as well as give aid to remember the password that was created. Furthermore, we aim to determine if the image helps improve the perception of security. The way we went about this was to develop a survey that provides the user with an image and asks them to create a password that may be strong enough for a school account using that image. Four groups were tested, a control with no image and three test groups each featuring a unique image.

    Password Policy Effects on Entropy and Recall: Research in Progress

    Passwords are commonly used for authentication. System architects generally put in place password policies that define the required length of a password, the complexity requirements of the password, and the expiration (if ever) of the password. Password policies are designed with the intent of helping users choose secure passwords, and in the case of password expiration, limit the potential damage of a compromised password. However, password policies can have unintended consequences that could potentially undermine their security aims. Based on the theory of cognitive load, it is hypothesized that password policy elements increase extraneous load, which can result in high entropy passwords, but to the detriment of recall. It is further hypothesized that certain password policy elements can still help increase entropy, while minimizing the negative impact on recall. An experiment to test the hypotheses and determine both a secure and user friendly password policy is put forward.

    Enhancing security behaviour by supporting the user

    Although the role of users in maintaining security is regularly emphasized, this is often not matched by an accompanying level of support. Indeed, users are frequently given insufficient guidance to enable effective security choices and decisions, which can lead to perceived bad behaviour as a consequence. This paper discusses the forms of support that are possible, and seeks to investigate the effect of doing so in practice. Specifically, it presents findings from two experimental studies that investigate how variations in password meter usage and feedback can positively affect the resulting password choices. The first experiment examines the difference between passwords selected by unguided users versus those receiving guidance and alternative forms of feedback (ranging from a traditional password meter through to an emoji-based approach). The findings reveal a 30% drop in weak password choices between unguided and guided usage, with the varying meters then delivering up to 10% further improvement. The second experiment then considers variations in the form of feedback message that users may receive in addition to a meter-based rating. It is shown that by providing richer information (e.g. based upon the time required to crack a password, its relative ranking against other choices, or the probability of it being cracked), users are more motivated towards making strong choices and changing initially weak ones. While the specifics of the experimental findings were focused upon passwords, the discussion also considers the benefits that may be gained by applying the same principles of nudging and guidance to other areas of security in which users are often found to have weak behaviours

    Lessons from brain age on password memorability

    User authentication involves establishing a user's right to access a system. Most user authentication is done with text passwords, which have advantages over other approaches, but more secure passwords are often difficult to remember. Nintendo's Brain Age games involve cognitive training which can improve memory. We examined Brain Age in search of insights towards helping users create and remember more secure passwords. Although Brain Age offers no techniques for memorising specific information, we discovered ideas for a new type of serious game that may help with password memorisation: Password Rehearsal Games. Copyright 2008 ACM