Abstract or Summary:
Users tend to form their own mental models of good passwords regardless of any instructions provided. They also tend to favour memorability over security. In our study comparing two mnemonic phrase-based password schemes, we found a surprising number of participants misused both schemes. Intentional or not, they misused the system such that their task of password creation and memorization became easier. Thus, we believe that instead of better instructions or password schemes, a new approach is required to convince users to create more secure passwords. One possibility may lie in employing Persuasive Technology.