On the Memorability of System-Generated PINs: Can Chunking Help?
Date: July 2014
Publication: Symposium on Usable Privacy and Security (SOUPS) 2014
Source 1: http://cups.cs.cmu.edu/soups/2014/workshops/papers/chunking_huh_11.pdf
Abstract or Summary:
To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated PINs, using computers to generate random PINs. 4-digit is the most commonly used PIN length, but 6-digit system-generated PINs are also becoming popular. The increased security we get from using system-generated PINs, however, comes at the cost of memorability. And while banks are increasingly adopting system generated, and longer (than traditional 4-digit) PINs, the impact on memorability of such PINs is not really known.
We conducted a large-scale online user study to investigate how memorability can be affected by increasing the PIN length, and how number chunking techniques (breaking a single number into multiple smaller numbers) can be applied to improve memorability. Our study shows that system-generated 4-digit PINs outperform 6-, 7-, and 8-digit PINs in long-term memorability, but that there is no significant difference between 6-, 7-, and 8-digit PINs. Our results also show that chunking can improve memorability of system-generated PINs. For example, 8-digit PINs broken into three chunks of 2-2-4 digits (00—00—0000) outperformed non-chunked 6-, 7-, and 8-digit PINs in long-term memorability, without much increase in the time taken to authenticate. Our study shows that chunking is a cheap, practical, yet effective solution that can be implemented with a few small modifications on the front-end user interface.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.