Contextualizing Mnemonic Phrase Passwords

  • Pete McEvoy
  • Jeremiah D. Still
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 501)


Our society depends on password-based authentication methods for accessing valuable information. However, the use of weak passwords is placing us at risk. Cyber security systems encourage users to employ strong passwords often by increasing requirements. Unfortunately, using a strong password requires more cognitive effort. This increase in effort pushes users to find workarounds that directly harm security. The paradox between security and usability has often resulted in simply blaming users rather than seeking a Human-Centered Design perspective. We introduce a strategy for developing strong passwords that embed contextual cues within mnemonic phrase passwords. Using this strategy participants were able to create strong passwords and better remember them compared with a traditional mnemonic strategy.


Usable security Authentication Human memory Human-centered-design 



This research was supported by the Psychology of Design laboratory. We thank V.S. for creating the password validation application and Carnegie Mellon University for the use of the PGS.


  1. 1.
    DeWitt, A.J., Kuljis, J.: Is usable security an oxymoron? Interactions 13(3), 41–44 (2006)CrossRefGoogle Scholar
  2. 2.
    Vidyaraman, S., Chandrasekaran, M., Upadhyaya, S.: Position: the user is the enemy. In: Proceedings of the 2007 Workshop on New Security Paradigms, 75–80. ACM, New York, NY, USA (2008)Google Scholar
  3. 3.
    Forget, A., Chiasson, S., Biddle, R.: Helping users create better passwords: is this the right approach? Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 151–152. ACM, New York, NY, USA (2007)CrossRefGoogle Scholar
  4. 4.
    Protalinski, E, Zero Day, ZDNet Security Newsletter: The top 10 passwords from the Yahoo hack: Is yours one of them? (2012).
  5. 5.
    Schneier, B.: Schneier on security: real-world passwords (2006).
  6. 6.
    Quinion, M.: World wide words: how many words? (2000).
  7. 7.
    Schneier, B.: Myspace passwords aren’t so dumb (2006).
  8. 8.
    Thomson, D.M., Tulving, E.: Associative encoding and retrieval weak and strong cues. J. Exp. Psychol. 86(2), 255–262 (1970)CrossRefGoogle Scholar
  9. 9.
    Tulving, E., Thomson, D.M.: Encoding specificity and retrieval processes in episodic memory. Psychol. Rev. 80(5), 352 (1973)CrossRefGoogle Scholar
  10. 10.
    Miller, G.A.: The magical number seven, plus or minus two: Some limits on our capacity for processing information. Psychol. Rev. 63, 81–97 (1956)CrossRefGoogle Scholar
  11. 11.
    Mathy, F., Feldman, J.: What’s magic about magic numbers? Chunking and data compression in short-term memory. Cognition 122(3), 346–362 (2012)CrossRefGoogle Scholar
  12. 12.
    Cowan, N.: The magical number 4 in short-term memory: a reconsideration of mental storage capacity. Behav. Brain Sci. 24(01), 154–176 (2000)Google Scholar
  13. 13.
    Gobet, F., Lane, P.C.R., Croker, S., Cheng, P.C.-H., Jones, G., Oliver, I., Pine, J.M.: Chunking mechanisms in human learning. Trends Cogn. Sci. 5(6), 236–243 (2001)CrossRefGoogle Scholar
  14. 14.
    Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. 2(5), 3–25 (2000)Google Scholar
  15. 15.
    Blackwell, A., Anderson, R., Grant, A.: Password memorability and security: empirical results. IEEE Secur. Priv. Mag. 2(5), 25–31 (2004)CrossRefGoogle Scholar
  16. 16.
    Forget, A., Biddle, R.: Memorability of persuasive passwords. In CHI ’08 Extended Abstracts on Human Factors in Computing Systems, pp. 3759–3764. ACM, New York, NY, USA (2008)Google Scholar
  17. 17.
    Ur, B., Segreti, S. M., Bauer, L., Christin, N., Cranor, L. F., Komanduri, S., Shay, R.: Measuring real-world accuracies and biases in modeling password guessability. In: Proceedings of the USENIX Security (2015)Google Scholar
  18. 18.
    Kuo, C., Romanosky, S., Cranor, L.F.: Human selection of mnemonic phrase-based passwords. In: Proceedings of the Second Symposium on Usable Privacy and Security, pp. 67–78. ACM, New York, NY, USA (2006)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Department of EngineeringSan Jose State UniversitySan JoseUSA
  2. 2.Department of PsychologyOld Dominion UniversityNorfolkUSA

Personalised recommendations