Understanding our memory to increase password memorability

Users acquire more online accounts in their personal and working lives. Therefore, users might indulge in practices such as password reuse, writing down passwords, sharing passwords or choosing weak passwords to be able to remember multiple passwords. These practices might be perceived as more convenient in terms of money, time, and convenience.

There are several steps involved in remembering passwords: the user has to learn the password successfully; the user has to retain the password; and finally, the user has to recall the password successfully.

In their study, Naomi Woods and Mikko Siponen rely on two concepts: the individual’s self-believe about memory and metamemory. An Individual’s self-believe about memory refers to the belief that one will remember the information. This belief can influence how one behaves in a memory-demanding situation, which can govern their performance.

Metamemory can be defined as the knowledge and awareness of our cognitive processes about memory and includes factors of knowledge, beliefs, and behaviours related to memory. Metamemory is the ability to reflect on one’s memory functioning and memory processes. The Metamemory in Adulthood (MIA) questionnaire is a standardized questionnaire that is the most frequently used methods of measuring metamemory, and encompasses seven constructs:

  • The construct of Strategy refers to the memory strategies a person can use to aid learning and memory retrieval. For example, the construct startegy will refers to the strategy used by a user to remember a password correctly.
  • The construct of Task indicates a person’s understanding of their basic memory processes. More interesting information will be easier to remember than the information less interesting. When it comes to passwords, passwords with more meaning are easier to remember.
  • The construct of Capacity represents a person’s perceptions of their memory capacity and performance. If a person thinks that their memory capacity is limited, then their memory performance will also be limited.
  • The construct of Change indicates to the perception of the change in one’s memory capabilities. As people get older, variations in memory capability can occur. Perceptions of this change are related to memory performance.
  • The construct of Anxiety refers to the users ’perceived anxiety towards remembering informations. Increased levels of anxiety are related to low memory performance.
  • The construct of Achievement represents the perception of one’s motivation to perform well in memory tasks. When a user is motivated towards remembering passwords, his/her memory will perform better.
  • Locus refers to the perceived sense of control over memory skills. If a person believes they have less control over their memory functioning, this can affect their memory performance.

The authors argued that the recall of multiple passwords is not related to users ’memory capabilities but is instead related to the seven constructs of metamemory.

The authors conducted a two-part study involving participants from a university in Finland. In the first part of the study, researchers examined recall and password metamemory through a website designed for creating and recalling passwords. In the second par tof the study, the researchers tested participants ’memory performance and metamemory.

For the first study, the authors questioned whether there are other factors involved in poor password recall. The study found that metamemory could not predict correct password recall. This result means that understanding memory retrieval strategies, the persons ’memory capacity and performance, knowledge of how the memory works in general, can predict memory performance, but not password correct recall.

In the second study, when looking at the seven constructs of metamemory, the authors found that constructs of Capacity, Locus, Achievement, and Task could predict correct password recall. However, the construct of Anxiety did not predict password recall.

To cite: Woods, N. and Siponen, M. (2018). Too many passwords? How understanding our memory can increase password memorability. International Journal of Human-Computer Studies, 111, 36-48.