Forgetting of passwords: Ecological theory and data
dc.contributor | Aalto-yliopisto | fi |
dc.contributor | Aalto University | en |
dc.contributor.author | Gao, Xianyi | en_US |
dc.contributor.author | Yang, Yulong | en_US |
dc.contributor.author | Liu, Can | en_US |
dc.contributor.author | Mitropoulos, Christos | en_US |
dc.contributor.author | Lindqvist, Janne | en_US |
dc.contributor.author | Oulasvirta, Antti | en_US |
dc.contributor.department | Department of Communications and Networking | en |
dc.contributor.groupauthor | Helsinki Institute for Information Technology (HIIT) | en |
dc.contributor.groupauthor | User Interfaces | en |
dc.contributor.organization | Rutgers, The State University of New Jersey | en_US |
dc.date.accessioned | 2019-02-25T08:41:24Z | |
dc.date.available | 2019-02-25T08:41:24Z | |
dc.date.issued | 2018 | en_US |
dc.description.abstract | It is well known that text-based passwords are hard to remember and that users prefer simple (and non-secure) passwords. However, despite extensive research on the topic, no principled account exists for explaining when a password will be forgotten. This paper contributes new data and a set of analyses building on the ecological theory of memory and forgetting. We propose that human memory naturally adapts according to an estimate of how often a password will be needed, such that often used, important passwords are less likely to be forgotten. We derive models for login duration and odds of recall as a function of rate of use and number of uses thus far. The models achieved a root-mean-square error (RMSE) of 1.8 seconds for login duration and 0.09 for recall odds for data collected in a month-long field experiment where frequency of password use was controlled. The theory and data shed new light on password management, account usage, password security and memorability. | en |
dc.description.version | Peer reviewed | en |
dc.format.mimetype | application/pdf | en_US |
dc.identifier.citation | Gao, X, Yang, Y, Liu, C, Mitropoulos, C, Lindqvist, J & Oulasvirta, A 2018, Forgetting of passwords: Ecological theory and data. in Proceedings of the 27th USENIX Security Symposium. USENIX - The Advanced Computing Systems Association, pp. 221-238, USENIX Security Symposium, Baltimore, Maryland, United States, 15/08/2018. <https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-gao.pdf> | en |
dc.identifier.isbn | 978-1-931971-46-1 | |
dc.identifier.other | PURE UUID: 1a5171a6-e233-415f-9d8c-325472c87f09 | en_US |
dc.identifier.other | PURE ITEMURL: https://research.aalto.fi/en/publications/1a5171a6-e233-415f-9d8c-325472c87f09 | en_US |
dc.identifier.other | PURE LINK: https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-gao.pdf | en_US |
dc.identifier.other | PURE FILEURL: https://research.aalto.fi/files/31644223/ELEC_Gao_et_al_Forgetting_passwords_UsenixSS.pdf | en_US |
dc.identifier.uri | https://aaltodoc.aalto.fi/handle/123456789/36659 | |
dc.identifier.urn | URN:NBN:fi:aalto-201902251816 | |
dc.language.iso | en | en |
dc.relation.ispartof | USENIX Security Symposium | en |
dc.relation.ispartofseries | Proceedings of the 27th USENIX Security Symposium | en |
dc.relation.ispartofseries | pp. 221-238 | en |
dc.rights | openAccess | en |
dc.title | Forgetting of passwords: Ecological theory and data | en |
dc.type | A4 Artikkeli konferenssijulkaisussa | fi |
dc.type.version | publishedVersion |