Individuals own more and more online accounts to perform various tasks in their daily life. As such, users have been increasing their usage of passwords to access those online accounts. Because of the difficulties in remembering multiple passwords, users often employ risky password behaviours such as password reuse, writing passwords down, choosing weak passwords, and not changing passwords regularly.
There are alternatives such as password managers and biometrics to help users manage their passwords without having to remember it. However, several studies found that the use of password managers has been limited.
Unlike previous research focusing on repetition/rehearsal as a means of increasing memorability, this study focuses on password verification—a part of the password creation stage—where the user is asked, after creating his or her password, to re-enter it. Naomi Woods and Mikko Siponen hypothesize that increasing the number of times a user is required to verify their password could have a positive effect on the memorability of that password.
Through an experimental design involving participants creating and recalling passwords on a web-based system, the authors examine the effects of three experimental conditions (verifying passwords x1, x2, x3) on password recall and user convenience in checking passwords at the creation stage.
Ninety participants completed the entire study and were allocated into three groups: control group (verification x1 (N=30)), and two experimental groups: (verification x2 (N=30), and verification x3 (N=30)).
The findings of the experiment showed that verifying passwords three times increases password memorability by 28% when compared with verifying passwords just once. Even increasing the verification to only two times increased password memorability by 17%. These results are significant, especially for the amount of change or difference between the three conditions, i.e., one or two extra verification times.
The results of the study suggest that small increases in password verification do not have a notable effect on the levels of inconvenience experienced by the user. Not only user convenience levels were similar across all three groups, but the number of times of verification did not equate to a decrease in user convenience. Several participants reported that they felt that through repeating the verification stage, it was “helping” their memory.
This study has important implications as it suggests that increased numbers of password verification can increase password memorability.
