Promoting Memorability and Security of Passwords Through Sentence Generation

Abstract

Much of our personal information flows through the Internet as we receive online services or make online transactions, making it essential to have reliable security systems to protect against information theft, denial of service, and fraud. The most commonly used method for authentication and identification is entering the username-password combination. However, this method is weak because users select passwords that are easy to remember and easy to crack. We evaluated a sentence-generation method designed to improve recall and security. The sentence-generation method produced crack-resistant passwords when the users were instructed to embed a digit and special character into the sentence (and password). However, the requirements of including a digit and special character also resulted in a cost in the memorability of the password. An analysis of errors identified three areas of research that may develop techniques that promote better recall of passwords using this sentence-generation method.