Forgetting of passwords: Ecological theory and data

Xianyi Gao, Yulong Yang, Can Liu, Christos Mitropoulos, Janne Lindqvist, Antti Oulasvirta

Tutkimustuotos: Artikkeli kirjassa/konferenssijulkaisussaConference contributionScientificvertaisarvioitu

170 Lataukset (Pure)

Abstrakti

It is well known that text-based passwords are hard to remember and that users prefer simple (and non-secure) passwords. However, despite extensive research on the topic, no principled account exists for explaining when a password will be forgotten. This paper contributes new data and a set of analyses building on the ecological theory of memory and forgetting. We propose that human memory naturally adapts according to an estimate of how often a password will be needed, such that often used, important passwords are less likely to be forgotten. We derive models for login duration and odds of recall as a function of rate of use and number of uses thus far. The models achieved a root-mean-square error (RMSE) of 1.8 seconds for login duration and 0.09 for recall odds for data collected in a month-long field experiment where frequency of password use was controlled. The theory and data shed new light on password management, account usage, password security and memorability.
AlkuperäiskieliEnglanti
OtsikkoProceedings of the 27th USENIX Security Symposium
KustantajaUSENIX : THE ADVANCED COMPUTING SYSTEMS ASSOCIATION
Sivut221-238
ISBN (elektroninen)978-1-931971-46-1
TilaJulkaistu - 2018
OKM-julkaisutyyppiA4 Artikkeli konferenssijulkaisuussa
TapahtumaUSENIX Security Symposium - Baltimore, Yhdysvallat
Kesto: 15 elokuuta 201817 elokuuta 2018
Konferenssinumero: 27

Conference

ConferenceUSENIX Security Symposium
MaaYhdysvallat
KaupunkiBaltimore
Ajanjakso15/08/201817/08/2018

Sormenjälki Sukella tutkimusaiheisiin 'Forgetting of passwords: Ecological theory and data'. Ne muodostavat yhdessä ainutlaatuisen sormenjäljen.

Siteeraa tätä