Abstract or Summary:
Various mechanisms for authenticating users of computer-based information systems have been proposed. These include traditional, user-selected passwords, system-generated passwords, passphrases, cognitive passwords and associative passwords. While the mechanisms employed in primary passwords are determined by the operating systems' manufacturers, system designers can select any password mechanism for secondary passwords, to further protect sensitive application and data files. This paper reports on the results of an empirically based study of passwords characteristics. It provides a comparative evaluation on the memorability and users subjective preferences of the various passwords mechanisms, and suggests that cognitive passwords and associative passwords seem the most appropriate for secondary passwords.