TR-08-20: Multiple Password Interference in Text and Click-Based Graphical Passwords

Abstract

People have difficulty remembering multiple passwords. This results in reduced security as users reuse the same password for different systems or reveal other passwords as they try to log in. It can also lead to reduced privacy, as users may rely on centralized services to manage their passwords. In this paper, we report on a laboratory study comparing recall of multiple ordinary text passwords with recall of multiple click-based graphical passwords. We found that participants in the graphical password condition coped significantly better than those in the text password condition. In particular, they made fewer errors when recalling their passwords, did not resort to creating passwords directly related to account names, and did not use similar passwords across multiple accounts. We suggest that this is due to memory cues offered by graphical passwords which help users to recall their passwords without resorting to insecure coping strategies.

TR-08-20.pdf