Question-and-Answer Passwords: An Empirical Evaluation
Publication: Information Systems, Volume 16, Number 3
Page(s): 335 - 343
Publisher: Elsevier Science
Source 1: http://dx.doi.org/10.1016/0306-4379(91)90005-T - Subscription or payment required
Abstract or Summary:
This paper evaluates two question-and-answer password techniques and suggests the use of either cognitive or associative passwords as methods to create passwords that are simultaneously memorable and difficult to guess. Both of these mechanisms involve a dialogue between a user and a system, where a user answers a rotating set of cues or questions. A set of brief responses replaces a single password.
The findings of an empirical investigation, focusing on memorability and ease-of-guessing of both cognitive and associative passwords, are reported. These findings show similar results for both types of passwords with no clear advantage to either. They also suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.