Encouraging users to improve password security and memorability

Yildirim, M and Mackie, I (2019) Encouraging users to improve password security and memorability. International Journal of Information Security. ISSN 1615-5262 (Accepted)


Security issues in text-based password authentication are rarely
caused by technical issues, but rather by the limitations of human
memory, and human perceptions together with their consequential
responses. This study introduces a new user-friendly guideline
approach to password creation, including persuasive messages that
motivate and influence users to select more secure and memorable
text passwords without overburdening their memory. From a broad
understanding of security problems caused by human factors, we offer
a reliable solution by encouraging users to create their own formula
to compose passwords. A study has been conducted to evaluate the
efficiency of the proposed password guidelines. Its results suggest
that the password creation methods and persuasive message provided
to users convinced them to create cryptographically strong and
memorable passwords. Participants were divided into two groups in
the study. The participants in the experimental group who were given
several password creation methods along with a persuasive message
created more secure and memorable passwords than the participants in
the control group who were asked to comply with the usual strict
password creation rules. The study also suggests that our password
creation methods are much more efficient than strict password policy
rules. The security and usability evaluation of the proposed
password guideline showed that simple improvements, such as adding
persuasive text to the usual password guidelines consisting of
several password restriction rules, make significant changes to the
strength and memorability of passwords. The proposed password
guidelines are a low-cost solution to the problem of improving the
security and usability of text-based passwords.

Item Type: Article
Schools and Departments: School of Engineering and Informatics > Informatics
Research Centres and Groups: Foundations of Software Systems
Depositing User: Ian Mackie
Date Deposited: 26 Mar 2019 11:12
Last Modified: 26 Mar 2019 11:12
URI: http://srodev.sussex.ac.uk/id/eprint/82802
