Toggle Main Menu Toggle Search

Open Access padlockePrints

Why Johnny Cannot Remember His Password -- An Empirical Investigation

Lookup NU author(s): Dr Thomas Gross

Downloads


Licence

This is the final published version of a report that has been published in its final definitive form by School of Computing Science, University of Newcastle upon Tyne, 2017.

For re-use rights please refer to the publisher's terms and conditions.


Abstract

Memorability vis-a-vis password strength and reuse is one of the major issues of the prevalent authentication method. The situation is aggravated by security fatigue. We investigate how users’ password memorability differ over password reuse and strength as well as across cognitively depleted and undepleted groups.Non-computer science students (N = 100) were randomly assigned to two groups, asked to generate a password and to return to the lab a week later to login. One group was cognitively depleted, the other was not. Password reuse and strength were observed. Password memorability was measured and compared across depletion groups, reuse and strength. Agreeable users are more likely to create a new password (OR = 5). Men were four times as likely to create a new password compared to women. Users who have reused an existing password are more than 100 times as likely to recall their pass- word compared to users who created a new one. Users who have been cognitively depleted at the time of registration are less likely to recall their password (OR = 0.032). However, surprisingly, the likelihood to recall the password was neither significantly impacted by last time of use OR = 0.999 [0.995,1.002] nor by the password strength OR = 0.981 [0.737, 1.303]. This is the first study to establish empirically(a) that personality traits influence whether a user reuses an existing password, (b) that cognitive depletion at time of registration negatively impacts memorability, and (c) that last time of use of a reused password and password strength does not have a significant impact on memorability.


Publication metadata

Author(s): Gross T, Coopamootoo K, Al-Jabri A

Publication type: Report

Publication status: Published

Series Title: School Of Computing Science Technical Report Series

Year: 2017

Pages: 24

Print publication date: 01/07/2017

Acceptance date: 01/01/1900

Report Number: 1509

Institution: School of Computing Science, University of Newcastle upon Tyne

Place Published: Newcastle upon Tyne


Share