Improving Recall and Security of Passphrases Through Use of Mnemonics
Authors: Simon S. Woo, Jelena Mirkovic

Date: December 5 2016
Publication: 11th International Conference on Passwords (Passwords16 Bochum)
Source 1:

Abstract or Summary:
Passphrases are regarded as more secure than passwords because they are longer than passwords. Yet, users use predictable word patterns and common phrases to make passphrases memorable, which in turn significantly lowers security. We explore a novel approach to make passphrases more memorable and more secure through use of mnemonics multi-letter abbreviations of passphrases, made of the first letters of each word in a passphrase. We use mnemonics during authentication as user hints to aid recall. We also explore use of mnemonics to guide passphrase creation we generate a random mnemonic and require a user to produce a passphrase, which matches it. This guides the users away from common phrases and improves security. We evaluate these uses of mnemonics in several IRB-approved user studies with participants from Amazon Mechanical Turk. We find that mnemonics displayed as authentication hints increase recall of passphrases by 3036% after three days, and by 5174% after seven days. When used to guide passphrase creation, mnemonics reduce the use of common phrases from 52% to under 5%, while passphrase recall remains high. Users also rate usability of passphrases with mnemonics (for creation or for authentication) higher than usability of classical passphrases. Note: Video of presentation:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019