Abstract or Summary:
Passphrases are regarded as more secure than passwords because they are longer than passwords. Yet, users use predictable word patterns and common phrases to make passphrases memorable, which in turn significantly lowers security. We explore a novel approach to make passphrases more memorable and more secure through use of mnemonics – multi-letter abbreviations of passphrases, made of the first letters of each word in a passphrase. We use mnemonics during authentication as user hints to aid recall. We also explore use of mnemonics to guide passphrase creation – we generate a random mnemonic and require a user to produce a passphrase, which matches it. This guides the users away from common phrases and improves security. We evaluate these uses of mnemonics in several IRB-approved user studies with participants from Amazon Mechanical Turk. We find that mnemonics displayed as authentication hints increase recall of passphrases by 30–36% after three days, and by 51–74% after seven days. When used to guide passphrase creation, mnemonics reduce the use of common phrases from 52% to under 5%, while passphrase recall remains high. Users also rate usability of passphrases with mnemonics (for creation or for authentication) higher than usability of classical passphrases.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=aC7HVtNKIpY