7.1. Introduction

Many of the deficiencies of password authentication systems arise from the limitations of human memory. If humans were not required to remember the password, a maximally secure textual password would be one with maximum entropy: it would consist of a string as long as the system allows, made up of characters selected from all those allowed by the system, and in a manner that provides no redundancy, that is, a totally random selection. Each of these requirements is contrary to a well-known property of human memory:
Password authentication, therefore, appears to involve a tradeoff. Some passwords are very easy to remember (e.g., single words in the user's native language) but also very easy to guess with dictionary searches. In contrast, some passwords are very secure against guessing but are difficult to remember. In the latter case, the security of a superior password may be compromised as a result of human limitations, because the user may keep an insecure written record of it or resort to insecure backup authentication procedures after forgetting it.[6]
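To make the tradeoff concrete, the following added example (not code from the original paper) computes the entropy of the two extremes described above: a single word drawn from a dictionary, and a maximum-entropy string drawn uniformly from the full allowed alphabet at the maximum allowed length. It also generates such a string with the operating system's CSPRNG. The alphabet (94 printable ASCII characters), the dictionary size, and the length of 8 are assumptions chosen for illustration, not values taken from the paper.

```python
import math
import secrets
import string

# Assumed policy for the illustration: all printable ASCII except space,
# which is 94 characters. The paper does not specify an alphabet.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a password chosen uniformly at random from the
    alphabet_size ** length equiprobable strings of that length.
    This is the 'maximum entropy' password of the introduction: every
    position independent and uniform over the whole allowed alphabet."""
    if alphabet_size < 1 or length < 0:
        raise ValueError("alphabet_size must be >= 1 and length >= 0")
    return length * math.log2(alphabet_size)


def dictionary_entropy_bits(dictionary_size: int) -> float:
    """Entropy in bits of one word picked uniformly from a word list.
    Even a generous attack dictionary of a few hundred thousand words
    gives well under 20 bits, which is why single native-language
    words fall to a dictionary search."""
    if dictionary_size < 1:
        raise ValueError("dictionary_size must be >= 1")
    return math.log2(dictionary_size)


def expected_guesses(bits: float) -> float:
    """Average number of guesses an attacker who enumerates the space in
    an arbitrary order needs before hitting the password: half the space."""
    return 2.0 ** (bits - 1)


def random_password(length: int, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Generate a maximum-entropy password: each character is drawn
    independently and uniformly from `alphabet` using `secrets`, which
    wraps the OS CSPRNG. The `random` module is deliberately not used;
    its Mersenne Twister output is predictable from observed samples."""
    if length < 1:
        raise ValueError("length must be >= 1")
    if len(set(alphabet)) != len(alphabet):
        # Duplicate characters would bias the distribution toward them.
        raise ValueError("alphabet must not contain duplicate characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def compare_policies(max_length: int = 8,
                     alphabet: str = DEFAULT_ALPHABET,
                     dictionary_size: int = 200_000) -> dict:
    """Return the entropy of the two extremes for an assumed policy:
    a dictionary word versus a uniformly random string filling the
    maximum allowed length from the full alphabet."""
    word_bits = dictionary_entropy_bits(dictionary_size)
    random_bits = entropy_bits(len(alphabet), max_length)
    return {
        "dictionary_word_bits": word_bits,
        "dictionary_word_expected_guesses": expected_guesses(word_bits),
        "max_entropy_bits": random_bits,
        "max_entropy_expected_guesses": expected_guesses(random_bits),
    }


if __name__ == "__main__":
    for name, value in compare_policies().items():
        print(f"{name:>36}: {value:,.2f}")
    print("sample maximum-entropy password:", random_password(8))
```

With the assumed 94-character alphabet and an 8-character limit, the random string has about 52 bits of entropy against roughly 17.6 bits for a single word from a 200,000-entry dictionary; the gap of about 35 bits is a factor of tens of billions in expected attacker effort, and it is exactly the gap that human memory, not the system, closes when users pick a word instead.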
In 1999, we started an empirical study investigating this tradeoff in the context of an actual population of password users. Research in cognitive psychology has defined many limits of human performance in laboratory settings where experimental subjects are required to memorize random and pseudorandom sequences of symbols. However, it is very difficult to generalize from such research to password users, who can select the string themselves, are able to rehearse it while memorizing, and need to recall it at regular intervals over a long period of time. We show that this user context allows the exploitation of mnemonic strategies for password memorization. Many successful mnemonic techniques can be used to achieve impressive performance when memorizing apparently random sequences. Password alternatives such as passfaces exploit superior human memory for faces, for example.[7] However, instead of changing the password authentication procedure, we investigate changing the advice that is given to the user when selecting a password.