Michael Clark (Brigham Young University), Scott Ruoti (The University of Tennessee), Michael Mendoza (Imperial College London), Kent Seamons (Brigham Young University)

Users struggle to select strong passwords. System-assigned passwords address this problem, but they can be difficult for users to memorize. While password managers can help store system-assigned passwords, there will always be passwords that a user needs to memorize, such as their password manager’s master password. As such, there is a critical need for research into helping users memorize system-assigned passwords. In this work, we compare three different designs for password memorization aids inspired by the method of loci or memory palace. Design One displays a two-dimensional scene with objects placed inside it in arbitrary (and randomized) positions, with Design Two fixing the objects’ position within the scene, and Design Three displays the scene using a navigable, three-dimensional representation. In an A-B study of these designs, we find that, surprisingly, there is no statistically significant difference between the memorability of these three designs, nor that of assigning users a passphrase to memorize, which we used as the control in this study. However, we find that when perfect recall failed, our designs helped users remember a greater portion of the encoded system-assigned password than did a passphrase, a property we refer to as durability. Our results indicate that there could be room for memorization aids that incorporate fuzzy or error-correcting authentication. Similarly, our results suggest that simple (i.e., cheap to develop) designs of this nature may be just as effective as more complicated, high-fidelity (i.e., expensive to develop) designs.

View More Papers

Work in Progress: A Comparative Long-Term Study of Fallback...

Philipp Markert, Maximilian Golla (Ruhr University Bochum); Elizabeth Stobert (National Research Council of Canada); Markus Dürmuth (Ruhr University Bochum)

Read More

Scenario-Driven Assessment of Cyber Risk Perception at the Security...

Simon Parkin (TU Delft), Kristen Kuhn, Siraj Ahmed Shaikh (Coventry University)

Read More

“So I Sold My Soul“: Effects of Dark Patterns...

Oksana Kulyk (ITU Copenhagen), Willard Rafnsson (IT University of Copenhagen), Ida Marie Borberg, Rene Hougard Pedersen

Read More

HEIR: A Unified Representation for Cross-Scheme Compilation of Fully...

Song Bian (Beihang University), Zian Zhao (Beihang University), Zhou Zhang (Beihang University), Ran Mao (Beihang University), Kohei Suenaga (Kyoto University), Yier Jin (University of Science and Technology of China), Zhenyu Guan (Beihang University), Jianwei Liu (Beihang University)

Read More