The Science Behind Remembering All Those Passwords You Keep Having To Reset

Kevin Juang and Joel Greenstein are the authors of a recently published study that explains why it is difficult for humans to master the art of existing passphrase authentication systems, reports Science Daily.

The article, "Integrating Visual Mnemonics an Input Feedback With Passphrase to Improve the Usability and Security of Digital Authentication" was published in Human Factors.

Juang and Greenstein tested two passphrase systems to assist in recall. The first made use of a specialized list of common words, a six-word sentence structure that makes sense, and a mnemonic picture that was user-generated. In the second passphrase system, Juang and Greenstein replaced the six-word sentence structure used in the first passphrase system with four words drawn from a customized 1,450-word list.

The authors then compared their passphrase systems to a user-generated passphrase that contained 45 letters and to that of a system-generated passphrase using random words drawn from a 10,000-word list. Both of the control passphrase systems against which the authors tested their own.

Researchers' alternative passphrase systems showed better user recall than existing systems already in use.

Juang and Greenstein worked with 50 adult participants to test out their new passphrase systems. In the first exercise, the participants were asked to create both a passphrase and an applicable mnemonic and were instructed that they were not allowed to write it down. One recall session was held immediately right after the participants had created the passphrases. The second recall session took place 11 days later.

Data collected by the authors showed that the new systems created for the purpose of the study greatly improved memorability when compared to the existing passphrase systems. Recall rates from the second session were 82 percent using the authors' six-word sentence and 80 percent using their customized list of words versus 34 percent recall using the passphrase created using the list of 10,000 words and 50 percent recall with the user-generated passphrase.

The authors noted that real-world success rates would likely be higher as the study participants were instructed not to practice or write down their passphrases.

Juang, who is a user experience research manager at SunTrust Bank explained that passphrases are more secure than passwords and avoid issues with fingerprint, facial recognition, and other biometric systems, also adding that there's nothing to fear about moving past traditional passwords.

"Instead of asking users to juggle both usability and security, which is complicated, let's provide secure passphrases and allow users to do what they do best: make things easier for themselves. By truly understanding how users think, we can design systems that keep them secure while also being easy to use."