Do you frequently forget passwords to a baffling array of accounts and websites? Much depends on a password’s importance and how often you use it, according to a Rutgers University-New Brunswick-led study that could spur improved password technology and use.
“Websites focus on telling users if their passwords are weak or strong, but they do nothing to help people remember passwords,” said Janne Lindqvist, study co-author and assistant professor in the Department of Electrical and Computer Engineering in the School of Engineering.
“Our model could be used to predict the memorability of passwords, measure whether people remember them and prompt password system designers to provide incentives for people to log in regularly,” Lindqvist said. “Logging in more often helps people remember passwords.”
It’s well known that text-based passwords are hard to remember and that people prefer simple, insecure passwords. The study found evidence that human memory naturally adapts based on an estimate of how often a password will be needed. Important, frequently used passwords are less likely to be forgotten, and system designers need to consider the environment in which passwords are used and how memory works over time.
“Many people struggle with passwords because you need a lot of them nowadays,” Lindqvist said. “People get frustrated. Our major findings include that password forgetting aligns well with one of the psychological theories of memory and predicting forgetting of passwords.”
The peer-reviewed study by researchers at Rutgers-New Brunswick and Aalto University in Finland was formally published last month at the 27th USENIX Security Symposium in Baltimore, Maryland. The symposium – a tier-1 international conference – covered novel and scientifically significant practical advances in computer security.