Journal of Applied Science & Engineering

Dhaka University Journal of Applied Science & Engineering

Issue: Vol. 7, No. 1, January 2022
Title: A Practical Scheme to Improve Memorability of System-assigned Random Password
Authors:
  • Fairuz Nawer Meem
    Department of Computer Science and Engineering, University of Dhaka, Dhaka-1000, Bangladesh
  • Rahat Al Noman
    Department of Computer Science and Engineering, University of Dhaka, Dhaka-1000, Bangladesh
  • Pritom Saha
    Department of Computer Science and Engineering, University of Dhaka, Dhaka-1000, Bangladesh
  • Muhammad Shakil Pervez
    Department of Computer Science and Engineering, University of Dhaka, Dhaka-1000, Bangladesh
  • Ismat Rahman
    Department of Computer Science and Engineering, University of Dhaka, Dhaka-1000, Bangladesh
  • Moinul Zaber
    Department of Computer Science and Engineering, University of Dhaka, Dhaka-1000, Bangladesh
  • S T Ahmed Rumee
    Department of Computer Science and Engineering, University of Dhaka, Dhaka-1000, Bangladesh
DOI:
Keywords: Random Password, Memorability, Graphical Cue, Passphrases
Abstract:

Most users follow common strategies and patterns when choosing passwords, which makes the passwords easier to remember but often very weak in terms of security. System-assigned random passwords can be an answer to this problem. However, these random passwords are difficult to remember and are hardly used despite their strong security guarantee. Recently, researchers have been trying to devise techniques for remembering random passwords. However, state-of-the-art methods have noticeable limitations; for example, they do not consider upper-case or special characters, which is not practical for any good password. This paper proposes a novel scheme, free of these limitations, to aid users in remembering random passwords. Users can select both graphical and text-based hints and associate them with system-assigned random passwords. Detailed user surveys were performed, and the results showed that the proposed method can help users remember random passwords with high accuracy. Using the proposed method, participants could recollect random passwords with an accuracy of 90.41% (average), which becomes 95% if case sensitivity is ignored.
