Lookup NU author(s): Dr Thomas Gross
This is the final published version of a report that has been published in its final definitive form by School of Computing Science, University of Newcastle upon Tyne, 2017.
For re-use rights please refer to the publisher's terms and conditions.
Memorability vis-a-vis password strength and reuse is one of the major issues of the prevalent authentication method. The situation is aggravated by security fatigue. We investigate how usersâ€™ password memorability differ over password reuse and strength as well as across cognitively depleted and undepleted groups.Non-computer science students (N = 100) were randomly assigned to two groups, asked to generate a password and to return to the lab a week later to login. One group was cognitively depleted, the other was not. Password reuse and strength were observed. Password memorability was measured and compared across depletion groups, reuse and strength. Agreeable users are more likely to create a new password (OR = 5). Men were four times as likely to create a new password compared to women. Users who have reused an existing password are more than 100 times as likely to recall their pass- word compared to users who created a new one. Users who have been cognitively depleted at the time of registration are less likely to recall their password (OR = 0.032). However, surprisingly, the likelihood to recall the password was neither significantly impacted by last time of use OR = 0.999 [0.995,1.002] nor by the password strength OR = 0.981 [0.737, 1.303]. This is the first study to establish empirically(a) that personality traits influence whether a user reuses an existing password, (b) that cognitive depletion at time of registration negatively impacts memorability, and (c) that last time of use of a reused password and password strength does not have a significant impact on memorability.
Author(s): Gross T, Coopamootoo K, Al-Jabri A
Publication type: Report
Publication status: Published
Series Title: School Of Computing Science Technical Report Series
Print publication date: 01/07/2017
Acceptance date: 01/01/1900
Report Number: 1509
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne