The Forgotten Password: A Solution to Selecting, Securing and Remembering Passwords
Filmer-Clark, T. J. (2008). The Forgotten Password: A Solution to Selecting, Securing and Remembering Passwords (Thesis, Master of Social Sciences (MSocSc)). The University of Waikato, Hamilton, New Zealand. Retrieved from http://hdl.handle.net/10289/3269
Permanent Research Commons link: http://hdl.handle.net/10289/3269
Internet passwords are required of us more and more. Personal experienceand research shows us that it is difficult to create and remember unique passwordsthat meet security requirements. This study tested a unique method of passwordgeneration based on a selection of mnemonic aids aimed at increasing theusability, security and memorability of passwords. Fifty-one engineers,accountants and university students aged between 17 - 61 years participated in thestudy. They were randomly assigned to one of three groups: mnemonic, self-selectionand random. All passwords in the study had to meet the followingcriteria: they had to be unique, at least eight characters long with a mixture ofletters and numbers, and not include complete words or personal identifiers,sequential or repetitive numbers, and the passwords could not be written down orrecorded anywhere. The mnemonic group created passwords based on a variety of mnemonic processes, the self-selection group generated passwords that complied with the above criteria, and the random group were assigned randompasswords generated by the experimenter. Password recall was tested online oncea week for three weeks, and then the passwords were renewed, with participantsstaying within the same groups for the length of the study. The second passwordwas tested weekly for three weeks, then the passwords were renewed for the thirdand final time and tested for a further three weeks. The expectation was that theuse of mnemonics in password creation would improve accurate recall ofpasswords, more so than if the password was 'self-selected' or a random passwordwas assigned. The results showed that participants in the mnemonic group wereable to accurately recall all three passwords significantly more often thanparticipants in the self-selection and random groups. Furthermore, passwordscreated by the mnemonic group were more secure than passwords created by theself-selection group, as their passwords generated had a greater number ofcharacters in them, slightly larger alphabet size, and a higher degree of entropy.The results are discussed in terms of the practical relevance of the findings.
The University of Waikato
All items in Research Commons are provided for private study and research purposes and are protected by copyright with all rights reserved unless otherwise indicated.
- Masters Degree Theses