Too many passwords? How understanding our memory can increase password memorability. Issue 111 (March 2018)
- Record Type:
- Journal Article
- Title:
- Too many passwords? How understanding our memory can increase password memorability. Issue 111 (March 2018)
- Main Title:
- Too many passwords? How understanding our memory can increase password memorability
- Authors:
- Woods, Naomi
Siponen, Mikko
- Abstract:
- Highlights: There was no relationship between memory performance and correct password recall. General metamemory constructs could predict memory performance, but not password recall. The contextualized password metamemory constructs of Capacity, Locus, Achievement, and Task predicted correct password recall. There was a difference between the contextualized password metamemory constructs that predicted password recall, in comparison with the generalized metamemory constructs that predicted memory performance.
Abstract: Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users' memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related to memory performance, but to users' inaccurate perception of their memory, then future research needs to examine why this is the case and how such false perception can be improved. In this paper we examined this conundrum by contextualizing the memory theory of metamemory, to the password security context. We argue, based on our contextualized metamemory theory, that the recall of multiple passwords is not related to users' memory capabilities, and therefore users are able to actually remember more passwords than they think. Instead, we argue that users' perceptions of their memory abilities, in terms of password memory capacity; perceived control over their memory; motivation to remember; and their understanding of their memory, explains why users cannot remember their passwords. We tested our contextualized metamemory theory in the password security context through a longitudinal experiment, examining over 3500 passwords. The results suggest that our contextualized metamemory theory, rather than the general metamemory theory explains password recall. This study has important implications for research in password security, and practice.
- Is Part Of:
- International journal of human-computer studies. Issue 111(2018)
- Journal:
- International journal of human-computer studies
- Issue:
- Issue 111(2018)
- Issue Display:
- Volume 111, Issue 111 (2018)
- Year:
- 2018
- Volume:
- 111
- Issue:
- 111
- Issue Sort Value:
- 2018-0111-0111-0000
- Page Start:
- 36
- Page End:
- 48
- Publication Date:
- 2018-03
- Subjects:
- Password security -- Memorability -- Human memory -- Metamemory -- Information security -- Authentication
Human-machine systems -- Periodicals
Systems engineering -- Periodicals
Human engineering -- Periodicals
Human engineering
Human-machine systems
Systems engineering
Periodicals
Electronic journals
004.019
- Journal URLs:
- http://www.sciencedirect.com/science/journal/10715819
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.ijhcs.2017.11.002
- Languages:
- English
- ISSNs:
- 1071-5819
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4542.288100
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 12303.xml