Publications

Improving recall and security of passphrases through use of mnemonics

Abstract

Passphrases are regarded as more secure than passwords because they are longer than passwords. Yet, users use predictable word patterns and common phrases to make passphrases memorable, which in turn significantly lowers security. We explore a novel use of mnemonics, multi-letter passphrase abbreviations, to make passphrases more memorable and more secure. We use mnemonics during authentication as user hints to achieve cued-recall. We also explore use of mnemonics to guide passphrase creation: we generate a random mnemonic and require a user to produce a passphrase that matches it. This guides the users away from common phrases and improves security. We evaluate these uses of mnemonics in several IRB-approved user studies with participants from Amazon Mechanical Turk. We find that mnemonics displayed as authentication hints increase recall of passphrases by 30–36% after three days, and by 51–74% after seven days. When used to guide passphrase creation, mnemonics reduce the use of common phrases from 52% to under 5%, while passphrase recall remains high. Users also rate usability of passphrases with mnemonics (for creation or for authentication) higher than usability of classical passphrases.

Metadata

publication: Proceedings of the 10th International Conference on Passwords (Passwords), 2016
year: 2016
publication date: 2016
authors: Simon S Woo, Jelena Mirkovic
link: http://dash.skku.edu/pub/mnpass.pdf
resource_link: http://dash.skku.edu/pub/mnpass.pdf
journal: Proceedings of the 10th International Conference on Passwords (Passwords)