Memory for Passwords: The Effects of Varying Number, Type, and Composition
by Lindsey Payton - University of Akron
For optimal security, computer scientists recommend using long (at least 8 character)
passwords containing randomly ordered, lower case letters, numbers, and capital
letters. In the laboratory and more realistic longer term tests, I tested the effects
of some of these recommendations on participants’ memory. Not surprisingly, longer
passwords were less likely to be recalled than shorter ones, and accuracy for remembering
random passwords was much lower than for remembering words. However, memory accuracy
for letter strings constructed to be similar to words, both in letter frequency
and in letter-to-letter transition probabilities, was not much lower than accuracy
for words. Such pseudowords are not as secure as random passwords, but they are
not susceptible to dictionary attack. The findings suggest that both memorability
and security are important to consider in constructing useful passwords.
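
An added illustration, not taken from the article: a letter-bigram generator as one way to build strings with word-like letter-to-letter transition probabilities, reporting how many bits each result carries against an attacker who knows the model, next to a uniformly random lowercase string of the same length. The word list, the function names and the choice of a bigram model are assumptions; the article's own construction method is not given on this page.

```python
import math
import secrets
from collections import Counter, defaultdict

# Constructed sample list (assumption: the study's word corpus is not on this page).
WORDS = ["password", "station", "monster", "painter", "lantern", "mention",
         "sandman", "western", "pattern", "mordant", "element", "tension"]

def train_bigrams(words):
    """Count letter-to-letter transitions; '^' marks word start, '$' word end."""
    counts = defaultdict(Counter)
    for w in words:
        for a, b in zip("^" + w, w + "$"):
            counts[a][b] += 1
    return counts

def _pick(options):
    """Weighted choice drawn from the OS CSPRNG rather than random.choice."""
    r = secrets.randbelow(sum(options.values()))
    for sym, n in sorted(options.items()):
        if r < n:
            return sym
        r -= n

def pseudoword(counts, length=8):
    """Return (string, bits); bits is -log2 of the string's probability under the model."""
    out, prev, bits = [], "^", 0.0
    for _ in range(length):
        options = Counter({c: n for c, n in counts[prev].items() if c != "$"})
        if not options:  # letter only seen word-finally: restart from word-start letters
            options = counts["^"]
        ch = _pick(options)
        bits -= math.log2(options[ch] / sum(options.values()))
        out.append(ch)
        prev = ch
    return "".join(out), bits

def make_password(counts, words, length=8):
    """Redraw until the result is not itself a word on the list."""
    while True:
        word, bits = pseudoword(counts, length)
        if word not in words:
            return word, bits

def uniform_bits(length, alphabet=26):
    """Bits in a uniformly random string over `alphabet` symbols."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    pw, bits = make_password(train_bigrams(WORDS), WORDS)
    print(pw, round(bits, 1), "bits vs", round(uniform_bits(8), 1), "uniform")
```

With a training list this small the gap to the uniform figure is exaggerated; a larger corpus narrows it but does not close it.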
Winter 2010 | Psi Chi Journal of Undergraduate Research (Vol. 15, No. 4, p. 209), published by Psi Chi, The International Honor Society in Psychology (Chattanooga, TN). Copyright, 2010, Psi Chi, The International Honor Society in Psychology. All rights reserved.