Question-and-Answer Passwords: An Empirical Evaluation
Authors: William J. Haga, Moshe Zviran

Date: 1991
Publication: Information Systems, Volume 16, Number 3
Page(s): 335 - 343
Publisher: Elsevier Science
Source 1: - Subscription or payment required

Abstract or Summary:
This paper evaluates two question-and-answer password techniques and suggests the use of either cognitive or associative passwords as methods to create passwords that are simultaneously memorable and difficult to guess. Both of these mechanisms involve a dialogue between a user and a system, where a user answers a rotating set of cues or questions. A set of brief responses replaces a single password.

The findings of an empirical investigation, focusing on memorability and ease-of-guessing of both cognitive and associative passwords, are reported. These findings show similar results for both types of passwords with no clear advantage to either. They also suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019