Passwords are a prominent mechanism for user authentication but entail a conflict between ease of use and security, in that passwords must be both easy to remember for the password holder and difficult to guess for everybody else. To support users in remembering their passwords, minimal-feedback hints for remote authentication (MiFA) provide users with a couple of the password characters when users are prompted for their password. In this study, MiFA hints, originally devised by Lu and Twidale (2003), were evaluated by having 14 participants create five passwords each and prompting them for these passwords after one week and after four weeks. With the aid of MiFA hints, participants remembered significantly more passwords and were significantly more confident in the correctness of their memory of their passwords than without hints. However, many of the passwords created by the participants were weak, for example a word followed by one or more digits, and vulnerable to dictionary attacks.
Proceedings of the Fourth Danish Human-computer Interaction Research Symposium, 2004, p. 21-24
security; passwords; minimal-feedback hints
Danish Human-Computer Interaction Research Symposium, 2004