Forgetting of passwords: Ecological theory and data
Loading...
Access rights
openAccess
URL
Journal Title
Journal ISSN
Volume Title
A4 Artikkeli konferenssijulkaisussa
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)
Date
2018
Major/Subject
Mcode
Degree programme
Language
en
Pages
221-238
Series
Proceedings of the 27th USENIX Security Symposium
Abstract
It is well known that text-based passwords are hard to remember and that users prefer simple (and non-secure) passwords. However, despite extensive research on the topic, no principled account exists for explaining when a password will be forgotten. This paper contributes new data and a set of analyses building on the ecological theory of memory and forgetting. We propose that human memory naturally adapts according to an estimate of how often a password will be needed, such that often used, important passwords are less likely to be forgotten. We derive models for login duration and odds of recall as a function of rate of use and number of uses thus far. The models achieved a root-mean-square error (RMSE) of 1.8 seconds for login duration and 0.09 for recall odds for data collected in a month-long field experiment where frequency of password use was controlled. The theory and data shed new light on password management, account usage, password security and memorability.Description
Keywords
Other note
Citation
Gao, X, Yang, Y, Liu, C, Mitropoulos, C, Lindqvist, J & Oulasvirta, A 2018, Forgetting of passwords: Ecological theory and data . in Proceedings of the 27th USENIX Security Symposium . USENIX -The Advanced Computing Systems Association, pp. 221-238, USENIX Security Symposium, Baltimore, Maryland, United States, 15/08/2018 . < https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-gao.pdf >