Leveraging Real-Life Facts to Make Random Passwords More Memorable


Department of Computer Science and Engineering, The University of Texas at Arlington, Arlington, TX, USA {mahdi.al-ameen,kanis.fatema}@mavs.uta.edu, [email protected]

2 Department of Psychology, The University of Texas at Arlington, Arlington, TX, USA [email protected]

Abstract. User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.

Keywords: Usable security · System-assigned passwords · Memorability · Verbal cues

1 Introduction

© Springer International Publishing Switzerland 2015. G. Pernul et al. (Eds.): ESORICS 2015, Part II, LNCS 9327, pp. 438–455, 2015. DOI: 10.1007/978-3-319-24177-7_22

Traditional user-chosen textual passwords suffer from security problems because of password reuse and predictable patterns [13,38]. Users are tasked with creating a password that should be both secure and memorable, but they typically lack information about what is secure in the face of modern cracking and attack tools, as well as how to construct memorable strings, memorize them quickly, and accurately recall them later. Faced with this challenge, users often compromise on security and create a weak but memorable password. While policies have been deployed to get users to create stronger passwords [19,38], such policies do not necessarily lead to more secure passwords but do adversely affect memorability [33,38]. Studies in psychology have shown that recognition, such as identifying an assigned picture from a set, is an easier memory task than recall, such as traditional textual passwords [6,42,43]. Inspired by these findings, researchers have