Abstract or Summary:
User-supplied textual passwords are extensively used today for user authentication. However, these passwords have serious defficiencies in the way they interact with humans' natural ability to form memories. Strong passwords that are hard to crack are also often hard for humans to remember, while memorable passwords are easily brute-forced or guessed. We propose a novel password design -- life-experience passwords (LEPs). We explain how to use users' existing episodic memories about definning life events to create memorable and hard-to-guess passwords and discuss challenges involved in design and use of LEPs.