ABSTRACT

User-chosen passwords reflecting common strategies and patterns ease memorisation but offer uncertain and often weak security, while system-assigned passwords provide higher security guarantee but suffer from poor memorability. We thus examine the technique to enhance password memorability that incorporates a scientific understanding of long-term memory. In particular, we examine the efficacy of providing users with verbal cues—real-life facts corresponding to system-assigned keywords. We also explore the usability gain of including images related to the keywords along with verbal cues. In our multi-session lab study with 52 participants, textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94.23%) compared to the control condition, i.e. textual recognition without verbal cues (61.54%). When users were provided with verbal cues, adding images contributed to faster recognition of the assigned keywords, and thus had an overall improvement in usability. So, we conducted a field study with 54 participants to further examine the usability of graphical recognition-based scheme offering verbal cues, which showed an average login success rate of 98% in a real-life setting and an overall improvement in login performance with more login sessions. These findings show a promising research direction to gain high memorability for system-assigned passwords.

摘要

反映常见策略和模式的用户选择的密码易于记忆，但提供的安全性不确定且通常较弱，而系统分配的密码提供更高的安全保证，但易记性较差。因此，我们研究了增强密码记忆性的技术，该技术结合了对长期记忆的科学理解。特别是，我们检查了为用户提供口头提示的效果——与系统分配的关键字相对应的现实生活中的事实。我们还探索了包含与关键字相关的图像以及口头提示的可用性增益。在我们有 52 名参与者的多会话实验室研究中，与控制条件（即没有语言提示的文本识别）（61.54%）相比，提供口头提示的基于文本识别的方案具有显着更高的登录成功率（94.23%）。当向用户提供口头提示时，添加图像有助于更快地识别分配的关键字，从而全面提高可用性。因此，我们对 54 名参与者进行了实地研究，以进一步检查基于图形识别的方案提供口头提示的可用性，这表明在现实生活中的平均登录成功率为 98%，并且登录会话越多，登录性能的整体提升。这些发现显示了一个有前途的研究方向，可以为系统分配的密码获得高记忆性。