Consonant-Vowel-Consonants for Error-Free Code Entry

  • Nikola K. BlanchardEmail author
  • Leila Gabasova
  • Ted Selker
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11594)


Codes and passwords are the bane of user experiences: even small mistakes can delay desired activities, causing undue frustration. Work on codes has focused on security instead of people’s ability to enter them error-free. Difficulties observed in a security demonstration motivated this investigation of code transcription difficulty. A pilot study with 33 subjects and a follow-up study with 267 subjects from 24 countries measured performance and preference for codes of varying lengths, patterns, and character sets.

We found that, for users of all languages, long codes with alternating consonant - vowel patterns were more accurately transcribed and are preferred over shorter numeric or alphabetic codes. Mixed-case and alphanumeric character sets both increased transcription errors.

The proposed CVC6 code design composed of six Consonant-Vowel-Consonant trigrams is faster to enter, more secure, preferred by users, and more impervious to user error when compared to codes typically used for security purposes. An extension integrates error detection and correction, essentially eliminating typos.


Usable-security Error correcting codes Authentication User study 


  1. 1.
    Acquisti, A., et al.: Nudges for privacy and security: understanding and assisting users choices online. ACM Comput. Surv. 50(3), 1–41 (2017)CrossRefGoogle Scholar
  2. 2.
    Adsett, C.R., Marchand, Y.: Syllabic complexity: a computational evaluation of nine European languages. J. Quant. Linguist. 17(4), 269–290 (2010). Scholar
  3. 3.
    Bellezza, F.S.: Mnemonic devices and memory schemas. In: McDaniel, M.A., Pressley, M. (eds.) Imagery and Related Mnemonic Processes, pp. 34–55. Springer, New York (1987). Scholar
  4. 4.
    Bernard, M., Liao, C.H., Mills, M.: The effects of font type and size on the legibility and reading time of online text by older adults. In: CHI 2001 Extended Abstracts on Human Factors in Computing Systems, CHI EA 2001, pp. 175–176. ACM, New York (2001).
  5. 5.
    Blanchard, N.K.: Building trust for sample voting. International Journal of Decision Support System Technology (2018)Google Scholar
  6. 6.
    Borleffs, E., Maassen, B.A.M., Lyytinen, H., Zwarts, F.: Measuring orthographic transparency and morphological-syllabic complexity in alphabetic orthographies: a narrative review. Read. Writ. 30(8), 1617–1638 (2017). Scholar
  7. 7.
    Brostoff, S., Sasse, M.A.: Are passfaces more usable than passwords? a field trial investigation. In: McDonald, S., Waern, Y., Cockton, G. (eds.) People and Computers XIV – Usability or Else!, pp. 405–424. Springer, London (2000). Scholar
  8. 8.
    Burr, W.E., et al.: Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology - Special Publication 800–63-1. CreateSpace Independent Publishing Platform, USA, U.S. Department of Commerce and National Institute of Standards and Technology (2012)Google Scholar
  9. 9.
    Cao, K., Jain, A.K.: Hacking mobile phones using 2D printed fingerprints. Technical report, Michigan State University (2016)Google Scholar
  10. 10.
    Cranor, L.F.: Time to rethink mandatory password changes (2016).
  11. 11.
    Garfinkel, S., Lipford, H.R.: Usable Security: History, Themes, and Challenges. Synthesis Lectures on Information Security, Privacy, and Trust. Morgan & Claypool Publishers, San Rafael (2014). Scholar
  12. 12.
    Grissinger, M.: Avoiding confusion with alphanumeric characters. Pharm. Ther. 37(12), 663–665 (2012)Google Scholar
  13. 13.
    Hausawi, Y.M., Allen, W.H.: An assessment framework for usable-security based on decision science. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2014. LNCS, vol. 8533, pp. 33–44. Springer, Cham (2014). Scholar
  14. 14.
    Huh, J.H., Kim, H., Bobba, R.B., Bashir, M.N., Beznosov, K.: On the memorability of system-generated pins: Can chunking help? In: Eleventh Symposium On Usable Privacy and Security (SOUPS 2015), pp. 197–209. USENIX Association, Ottawa (2015)Google Scholar
  15. 15.
    Ives, B., Walsh, K.R., Schneider, H.: The domino effect of password reuse. Commun. ACM 47(4), 75–78 (2004). Scholar
  16. 16.
    Keren, G., Baggen, S.: Recognition models of alphanumeric characters. Percept. Psychophys. 29(3), 234–246 (1981)CrossRefGoogle Scholar
  17. 17.
    de Leeuw, K.M.M., Bergstra, J.: The History of Information Security: A Comprehensive Handbook. Elsevier Science, Amsterdam (2007). Scholar
  18. 18.
    McCabe, J.A.: Learning and memory strategy demonstrations for the psychology classroom (2014).
  19. 19.
    Norman, D.A., Fisher, D.: Why alphabetic keyboards are not easy to use: keyboard layout doesn’t much matter. Hum. Factors 24(5), 509–519 (1982). Scholar
  20. 20.
    Pilar, D.R., Jaeger, A., Gomes, C.F.A., Stein, L.M.: Passwords usage and human memory limitations: a survey across age and educational background. PLoS One 7(12), (2012). pONE-D-12-21406[PII]CrossRefGoogle Scholar
  21. 21.
    Reddy, P.V., Kumar, A., Rahman, S., Mundra, T.S.: A new antispoofing approach for biometric devices. IEEE Trans. Biomed. Circuits Syst. 2(4), 328–37 (2008)CrossRefGoogle Scholar
  22. 22.
    Ruiz-Albacete, V., Tome-Gonzalez, P., Alonso-Fernandez, F., Galbally, J., Fierrez, J., Ortega-Garcia, J.: Direct attacks using fake images in iris verification. In: Schouten, B., Juul, N.C., Drygajlo, A., Tistarelli, M. (eds.) BioID 2008. LNCS, vol. 5372, pp. 181–190. Springer, Heidelberg (2008). Scholar
  23. 23.
    Schiller, N.O.: Masked priming of sublexical units segments vs syllables. In: Steiner, F. (ed.) Advances in Phonetics : Proceedings of the International Phonetic Sciences Conference (IPS) (1999)Google Scholar
  24. 24.
    Shay, R., et al.: Correct horse battery staple: exploring the usability of system-assigned passphrases. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, p. 7. ACM (2012)Google Scholar
  25. 25.
    Shay, R., et al.: Designing password policies for strength and usability. ACM Trans. Inf. Syst. Secur. 18(4), 1–34 (2016). Scholar
  26. 26.
    Shay, R., et al.: Encountering stronger password requirements: user attitudes and behaviors. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS 2010, pp. 1–20. ACM, New York (2010).
  27. 27.
    Smith, D.F., Wiliem, A., Lovell, B.C.: Face recognition on consumer devices: reflections on replay attacks. IEEE Trans. Inf. Forensics Secur. 10, 736–745 (2015)CrossRefGoogle Scholar
  28. 28.
    Stenton, A.: The contribution of the computer to improving L2 oral production. an examination of the applied and theoretical research behind the swans authoring programme. Etudes en Didactique des Langues (19) (2012)Google Scholar
  29. 29.
    Ur, B., et al.: Design and evaluation of a data-driven password meter. In: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems, CHI 2017, pp. 3775–3786. ACM, New York (2017)Google Scholar
  30. 30.
    Ur, B., Bees, J., Segreti, S.M., Bauer, L., Christin, N., Cranor, L.F.: Do users’ perceptions of password security match reality? In: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems, CHI 2016, pp. 3748–3760. ACM, New York (2016)Google Scholar
  31. 31.
    Whitman, M.E., Mattord, H.J.: Principles of Information Security, 4th edn. Course Technology Press, Boston (2011)Google Scholar
  32. 32.
    Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 25–31 (2004). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Nikola K. Blanchard
    • 1
    Email author
  • Leila Gabasova
    • 2
  • Ted Selker
    • 3
  1. 1.Institut de Recherche en Informatique Fondamentale, Université Paris DiderotParisFrance
  2. 2.Institut de Planétologie et d’Astrophysique de GrenobleSaint-Martin-d’HéresFrance
  3. 3.University of MarylandBaltimore CountyUSA

Personalised recommendations