Question-and-answer passwords: An empirical evaluation

摘要

This paper evaluates two question-and-answer password techniques and suggests the use of either cognitive or associative passwords as methods to create passwords that are simultaneously memorable and difficult to guess. Both of these mechanisms involve a dialogue between a user and a system, where a user answers a rotating set of cues or questions. A set of brief responses replaces a single password.The findings of an empirical investigation, focusing on memorability and ease-of-guessing of both cognitive and associative passwords, are reported. These findings show similar results for both types of passwords with no clear advantage to either. They also suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.