Memorability of Alphanumeric and Composite Scene Authentication (CSA) Passcodes Over Extended Retention Intervals

Abstract

Current authentication strategies seek to increase security by requiring users to create more secure alphanumeric passwords. Unfortunately, the inverse relationship between alphanumeric password security and memorability prevents users from being able to create a password that is both secure and memorable. Graphical user authentication mechanisms have been explored as a means to maintain security while enhancing memorability of passcodes. Current approaches often use unrelated picture sets from which participants have to remember a subset, with mixed results. The study outlined in this paper seeks to further validate the Composite Scene Authentication (CSA) graphical passcode mechanism (Johnson & Werner, 2006). Extending retention intervals and increasing the variability of stimuli clearly demonstrated the superiority of CSA over alphanumerical passwords. In addition, we manipulated the mode of presentation (serial vs. composite) to assess the memorability of stimuli presented in different temporal formats. In the current study CSA passcodes consisting of nine categorical dimensions were compared to nine character alphanumeric passwords. Participants showed a strong advantage in passcode retention of graphical passcodes for both modes of presentation. This effect grew larger with increasing retention intervals. At the longest retention interval (6 weeks), only 10 (12%) participants were able to produce their alphanumerical password vs. 50 (60%) participants who were still able to produce the correct graphical passcode.