Internet passwords are required of us more and more. Personal experience
and research shows us that it is difficult to create and remember unique passwords
that meet security requirements. This study tested a unique method of password
generation based on a selection of mnemonic aids aimed at increasing the
usability, security and memorability of passwords. Fifty-one engineers,
accountants and university students aged between 17 - 61 years participated in the
study. They were randomly assigned to one of three groups: mnemonic, self-selection
and random. All passwords in the study had to meet the following
criteria: they had to be unique, at least eight characters long with a mixture of
letters and numbers, and not include complete words or personal identifiers,
sequential or repetitive numbers, and the passwords could not be written down or
recorded anywhere. The mnemonic group created passwords based on a variety of mnemonic processes, the self-selection group generated passwords that complied with the
above criteria, and the random group were assigned random
passwords generated by the experimenter. Password recall was tested online once
a week for three weeks, and then the passwords were renewed, with participants
staying within the same groups for the length of the study. The second password
was tested weekly for three weeks, then the passwords were renewed for the third
and final time and tested for a further three weeks. The expectation was that the
use of mnemonics in password creation would improve accurate recall of
passwords, more so than if the password was 'self-selected' or a random password
was assigned. The results showed that participants in the mnemonic group were
able to accurately recall all three passwords significantly more often than
participants in the self-selection and random groups. Furthermore, passwords
created by the mnemonic group were more secure than passwords created by the
self-selection group, as their passwords generated had a greater number of
characters in them, slightly larger alphabet size, and a higher degree of entropy.
The results are discussed in terms of the practical relevance of the findings.
