On the Memorability of System-Generated PINs: Can Chunking Help?
Author(s): Jun Ho Huh, Hyoungshick Kim, Rakesh B. Bobba, Masooda Bashir, Konstantin Beznosov

Date: July 2014
Publication: Symposium on Usable Privacy and Security (SOUPS) 2014
Publisher: SOUPS
Source 1: http://cups.cs.cmu.edu/soups/2014/workshops/papers/chunking_huh_11.pdf

Abstract or Summary:
To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated PINs, using computers to generate random PINs. 4-digit is the most commonly used PIN length, but 6-digit system-generated PINs are also becoming popular. The increased security we get from using system-generated PINs, however, comes at the cost of memorability. And while banks are increasingly adopting system generated, and longer (than traditional 4-digit) PINs, the impact on memorability of such PINs is not really known.

We conducted a large-scale online user study to investigate how memorability can be affected by increasing the PIN length, and how number chunking techniques (breaking a single number into multiple smaller numbers) can be applied to improve memorability. Our study shows that system-generated 4-digit PINs outperform 6-, 7-, and 8-digit PINs in long-term memorability, but that there is no significant difference between 6-, 7-, and 8-digit PINs. Our results also show that chunking can improve memorability of system-generated PINs. For example, 8-digit PINs broken into three chunks of 2-2-4 digits (00000000) outperformed non-chunked 6-, 7-, and 8-digit PINs in long-term memorability, without much increase in the time taken to authenticate. Our study shows that chunking is a cheap, practical, yet effective solution that can be implemented with a few small modifications on the front-end user interface.

Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2016 PasswordResearch.com