Improving multiple-password recall: An empirical study

European Journal of Information Systems

Volumn 18, Issue 2, 2009, Pages 165-176

  Zhang, Jie ^a   Luo, Xin ^b   Akkaladevi, Somasheker ^a   Ziegelmayer, Jennifer ^c  

^a VIRGINIA STATE UNIVERSITY   (United States)

^b UNIVERSITY OF NEW MEXICO   (United States)

^c DELTA STATE UNIVERSITY   (United States)

Author keywords

Authentication; Information security; Memorability; Memory theory; Passwords

Indexed keywords

EID: 67650156801     PISSN: 0960085X     EISSN: 14769344     Source Type: Journal    
DOI: 10.1057/ejis.2009.9     Document Type: Article

References (49)

1. ABDI H (2007) Bonferroni and Sidak corrections for multiple comparisons. In Encyclopedia of Measurement and Statistics (SALKIND NJ, Ed), pp 103-107, Sage, Thousand Oaks, CA.
2. ADAMS Aand SASSE MA (1999) Users are not the enemy. Communications of the ACM 42(12), 41-46.
3. ATKINSON RC and SHIFFRIN RM (1968) Human memory: a proposed system and its control processes. In The Psychology of Learning and Motivation (SPENCE KW and SPENCE JT, Eds), pp 89-195, Academic Press, New York.
4. BELLOVIN S(2006) Unconventional wisdom. IEEE Security & Privacy 4(1), 88.
5. BENBASAT I (1984) An analysis of research methodologies. In The Information Systems Research Challenge (MCFARLAND FW, Ed), pp 47-85, HBS Press, Boston.
6. BISHOP M (1990) A proactive password checker. Technical Report PCS- TR90-152. [WWW document] http://ntrs.nasa.gov/archive/nasa/casi.ntrs.nasa. gov/19920018383-1992018383.pdf.
7. BROWN AS, BRACKEN E, ZOCCOLI Sand DOUGLAS K (2004) Generating and remembering passwords. Applied Cognitive Psychology 18(6), 641-651.
8. CAMPBELL J, KLEEMAN Dand MA W (2007) The good and not so good of enforcing password composition rules. Information Systems Security 16(1), 2-8.
9. CARSTENS DS, MALONE LC and MCCAULEY-BELL P (2006) Applying chunking theory in organizational password guidelines. Journal of Information, Information Technology, and Organizations 1, 97-113.
10. CARSTENS DS, MCCAULEY-BELL PR, MALONE LC and DEMARA RF (2004) Evaluation of the human impact of password authentication practices on information security. Information Science Journal 7(1), 67-85.
11. COHEN J (1988) Statistical Power Analysis for the Behavioral Sciences 2nd edn, Lawrence Erlbaum Associations, New Jersey.
12. CONKLIN A, DIETRICH Gand WALZ D (2004) Password-based authentication: a system perspective. In Proceedings of the 37th Hawaii International Conference on System Sciences, iEEE Computer Society, Washington, DC.
13. CRANOR LF and GARFINKEL S (2004) Secure or usable? IEEE Security & Privacy 2(5), 16-18.
14. CSi (2007) The 12th annual computer crime and security survey. [WWW.document] http://i.cmpnet.com/v2.gocsi.com/pdf/CSiSurvey2007.pdf.
15. DAVELAAR EJ, GOSHEN-GOTTSTEIN Y, ASHKENAZI A, HAARMANN HJ and USHER M (2005) The demise of short-term memory revisited: empirical and computational investigations of recency effects. Psychological Review 112(1), 3-42.
16. DELOITTE (2007) The 2007 technology, media, and telecommunications security survey. [WWW document] http://www.deloitte.com/dtt/ cda/doc/content/dtt-tmt-securitysurvey2007.pdf. DENNIS Aand VALACICH J (2001) Conducting research in information systems. Communications of the AIS 7(5), 1-41.
17. DTI SURVEY (2006) DTI information security breaches survey. [WWW.document] http://wwww.pwc.co.uk/pdf/pwc-dti-fullsurveyresults06.pdf.
18. GAW Sand FELTEN EW (2006) Password management strategies for online accounts. In Proceedings of the 2nd Symposium on Usable Privacy and Security, pp 44-55, ACM Press, New York, USA.
19. GEHRINGER EF (2002) Choosing passwords: security and human factors. In Proceedings of 2002 International Symposium on Technology and Society,(HERKERT JR, Ed) pp 369-373, IEEE Computer Society, Washington, DC.
20. HERTZUM M (2004) Remembering multiple passwords by way of minimal- feedback hints: replication and further analysis. in Proceedings of the Fourth Danish Human-Computer Interaction Research Symposium, (KJELDSKOV J, SKOV MB and STAGE J, Eds) pp 21-24, Aalborg University, Aalborg, Denmark.
21. HERTZUM M (2006) Minimal-feedback hints for remembering passwords. Interactions 13(3), 38-40.
22. INFORMATIONWEEK (2007) 2007 InformationWeek/Accenture Global information security survey. [WWW document] http://www.informationweek.com/ whitepaper/Security/Privacy/2007-informationweek/accenture-global-information- wp1213826038953?articleID=21800009.
23. IVES B, WALSH KR and SCHNEIDER H (2004) The domino effect of password reuse. Communications of the ACM 47(4), 75-78.
24. LU Band TWIDALE MB (2003) Managing multiple passwords and multiple logins: MiFA minimal-feedback hints for remote authentication. In Proceedings of the IFIP INTERACT Conference,(RAUTERBERG M, MENOZZI, Mand WESSON J, Eds) pp 821-824, IOS Press, Zurich.
25. MASSAD Nand BEACHBOARD J (2008) A taxonomy of service failures in electronic retailing. In Proceedings of the 41st Hawaii International Conference on System Sciences, IEEE Computer Society, Washington, DC.
26. MCGRATH JE (1982) Dilemmatics: the study of research choices and dilemmas. In Judgment Calls in Research (MCGRATH JE, MARTIN Jand KULKA RA, Eds), pp 69-102, Sage, Beverly Hills, CA.
27. MILLER GA (1956) The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychological Review 63, 81-97.
28. MULLIGAN Jand ELBIRT AJ (2005) Desktop security and usability trade-offs: an evaluation of password management systems. Information Systems Security 14(2), 10-19.
29. PC MAGAZINE (2007) 10 most common passwords. [WWW document] http://www.pcmag.com/article2/0,2817,2113976,00.asp, 8 May.
30. PCPRO (2007) Password reuse opens door to ID theft. [WWW document] http://www.pcpro.co.uk/news/106758/password-reuse-opens-door-to-id-theft.html.
31. PISTOLSTAR (2006) The myths and realities of domino R6/7 password management. [WWW document] http://managingautomation.bitpipe.com/ detail/RES/1213377135-517.html.
32. PROCTOR RW, LIEN MC, SALVENDY Gand SCHULTZ EE (2000) A task analysis of usability in third-party authentication. Information Security Bulletin 5(3), 49-56.
33. PROCTOR RW, LIEN MC, VU Kpl, SCHULTZ EE and SALVENDY G (2002) improving computer security for authentication of users: influence of proactive password restrictions. Behavior Research Methods, Instruments, & Computers 34(2), 163-169.
34. RAAIJMAKERS J (2003) Spacing and repetition effects in human memory: application of the sAM model. Cognitive Science: A Multidisciplinary Journal 27(3), 431-452.
35. RILEY S (2006) Password security: what users know and what they actually do. Usability News 8(1). [WWW document] http://psychology.wichita.edu/surl/usabilitynews/81/Passwords.asp.
36. RSA (2005) RSA security survey reveals multiple passwords creating security risks and end user frustration. [WWW document] http://www.rsa.com/ press-release.aspx?id = 6095.
37. RSA (2006a) RSA security research shows volume of business passwords overwhelming end users and hindering iT security efforts. [WWW.document] http://www.rsa.com/press-release.aspx?id = 7296.
38. RSA (2006b) Enterprise single sign-on solutions reduce IT helpdesk calls but raise concern amongst security experts, reveals RSA security. [WWW document] http://www.rsa.com/press-release.aspx?id = 6903.
39. RUNDUS DJ (1971) Analysis of rehearsal processes in free recall. Journal of Experimental Psychology 89(1), 63-77.
40. SCHMIDT SR (1991) Can we have a distinctive theory of memory? Memory & Cognition 19(6), 523-542.
41. SIMON HA (1974), How big is a chunk? Science 183(4124), 482-488.
42. SMITH RE (2002) Authentication: From Passwords to Public Keys. Addison-Wesley, Boston, MA.
43. STANTON JM, STAM KR, MASTRANGELO Pand JOLTON J (2005) Analysis of end user security behaviors. Computers & Security 24, 124-133.
44. TALMI D, GRADY C, GOSHEN-GOTTSTEIN Yand MOSCOVITCH M (2005) Neuroimaging the serial position curve: a test of single-store versus dual-store models. Psychological Science 16(9), 716-723.
45. VU Kpl, PROCTOR RW, BHARGAV-SPANTZEL A, TAI Blb, COOK J and SCHULTZ EE (2007) improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies 65, 744-757.
46. WARKENTIN M, DAVIS Kand BEKKERING E (2004) Introducing the check-off password systems (COPS): an advancement in user authentication methods and information security. Journal of Organizational and End User Computing 16(3), 41-58.
47. WIEDENBECK S, WATERS J, BIRGET JC, BRODSKIY Aand MEMON N (2005) Passpoints: design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63, 102-127.
48. YAN J, BLACKWELL A, ANDERSON Rand GRANT A(2004) Password memorability and security: empirical results. IEEE Security & Privacy 2(5), 25-31.
49. ZVIRAN Mand ERLICH Z (2006) Identification and authentication: technology and implementation issues. Communications of the Association for Information Systems 17(1), 90-105.