Question-and-answer passwords: An empirical evaluation

Authors:

Highlights:

Abstract

This paper evaluates two question-and-answer password techniques and suggests the use of either cognitive or associative passwords as methods to create passwords that are simultaneously memorable and difficult to guess. Both of these mechanisms involve a dialogue between a user and a system, where a user answers a rotating set of cues or questions. A set of brief responses replaces a single password. The findings of an empirical investigation, focusing on memorability and ease-of-guessing of both cognitive and associative passwords, are reported. These findings show similar results for both types of passwords with no clear advantage to either. They also suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.

Keywords: Information system security, user authentication, passwords, question-and-answer passwords, secondary passwords, associative passwords, cognitive passwords

Review process: Received 20 May 1990, Revised 29 January 1991, Available online 17 June 2003.

Paper URL: https://doi.org/10.1016/0306-4379(91)90005-T