Improving Recall and Security of Passphrases Through Use of Mnemonics
Date: December 5 2016
Publication: 11th International Conference on Passwords (Passwords16 Bochum)
Source 1: https://steel.isi.edu/members/simonwoo/pub/mnpass.pdf
Abstract or Summary:
Passphrases are regarded as more secure than passwords because they are longer than passwords. Yet, users use predictable word patterns and common phrases to make passphrases memorable, which in turn significantly lowers security. We explore a novel approach to make passphrases more memorable and more secure through use of mnemonics – multi-letter abbreviations of passphrases, made of the first letters of each word in a passphrase. We use mnemonics during authentication as user hints to aid recall. We also explore use of mnemonics to guide passphrase creation – we generate a random mnemonic and require a user to produce a passphrase, which matches it. This guides the users away from common phrases and improves security. We evaluate these uses of mnemonics in several IRB-approved user studies with participants from Amazon Mechanical Turk. We find that mnemonics displayed as authentication hints increase recall of passphrases by 30–36% after three days, and by 51–74% after seven days. When used to guide passphrase creation, mnemonics reduce the use of common phrases from 52% to under 5%, while passphrase recall remains high. Users also rate usability of passphrases with mnemonics (for creation or for authentication) higher than usability of classical passphrases.
PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=aC7HVtNKIpY
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.