Password Memorability

My good friend, Anil, has some interesting observations on passwords, our capacity to remember them, and validation. But as I've noted before, validation and password complexity, even using mnemonics to make them easier to remember, don't always serve us well. I'm tending towards passphrases, myself.
  • Andrew RE: Pass Phrases. As we all know some systems arbitrarily limit the number of characters that you can use in the password field. The empirical results showed that the use of mnemonic triggers actually allowed people to remember a complex password and that it was not any more difficult than remembering a randomly chosen password.

    So one of the major points to keep in mind here is that it is indeed possible to have a secure password without resorting to a large character set .. a la pass phrase.
  • "As we all know some systems arbitrarily limit the number of characters that you can use in the password field."

    Yup. And I think that's a bad idea and can cause more problems than it solves. So rather than tailoring our lives around arbitrary limitations, why not push for their removal instead?

    "The empirical results showed that the use of mnemonic triggers actually allowed people to remember a complex password and that it was not any more difficult than remembering a randomly chosen password."

    But that does not address the question of whether it is more difficult to create and remember a complex password using mnemonics than it would be to come up with an easily remembered passphrase. Absent the arbitrary limitations imposed by some systems, it might be possible to test this as well.

    In the end, I don't think anyone's arguing that it's not *possible* to create a secure password that can be remembered without making it long. The argument is that complexity is only required because of the arbitrarily short password length in use on most systems, and it is this complexity that makes it harder to remember the passwords. Passphrases address both of these issues head-on.