usenix conference policies
On the Memorability of System-generated PINs: Can Chunking Help?
Jun Ho Huh, Honeywell ACS Labs; Hyoungshick Kim, Sungkyunkwan University; Rakesh B. Bobba, Oregon State University; Masooda N. Bashir, University of Illinois at Urbana-Champaign; Konstantin Beznosov, University of British Columbia
To ensure that users do not choose weak personal identication numbers (PINs), many banks give out system-generated random PINs. 4-digit is the most commonly used PIN length, but 6-digit system-generated PINs are also becoming popular. The increased security we get from using system-generated PINs, however, comes at the cost of memorability. And while banks are increasingly adopting system-generated PINs, the impact on memorability of such PINs has not been studied.
We conducted a large-scale online user study with 9,114 participants to investigate the impact of increased PIN length on the memorability of PINs, and whether number <em>chunking</em> techniques (breaking a single number into multiple smaller numbers) can be applied to improve memorability for larger PIN lengths. As one would expect, our study shows that system-generated 4-digit PINs outperform 6-, 7-, and 8-digit PINs in long-term memorability. Interestingly, however, we find that there is no statistically significant difference in memorability between 6-, 7-, and 8-digit PINs, indicating that 7-, and 8-digit PINs should also be considered when looking to increase PIN length to 6-digits from currently common length of 4-digits for improved security.
By grouping all 6-, 7-, and 8-digit chunked PINs together, and comparing them against a group of all non-chunked PINs, we find that chunking, overall, improves memorability of system-generated PINs. To our surprise, however, none of the individual chunking policies (e.g., 0000-00-00) showed statistically significant improvement over their peer non-chunked policies (e.g., 00000000), indicating that chunking may only have a limited impact. Interestingly, the top performing 8-digit chunking policy did show noticeable and statistically significant improvement in memorability over shorter 7-digit PINs, indicating that while chunking has the potential to improve memorability, more studies are needed to understand the contexts in which that potential can be realized.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Jun Ho Huh and Hyoungshick Kim and Rakesh B. Bobba and Masooda N. Bashir and Konstantin Beznosov},
title = {On the Memorability of System-generated {PINs}: Can Chunking Help?},
booktitle = {Eleventh Symposium On Usable Privacy and Security (SOUPS 2015)},
year = {2015},
isbn = {978-1-931971-249},
address = {Ottawa},
pages = {197--209},
url = {https://www.usenix.org/conference/soups2015/proceedings/presentation/huh},
publisher = {USENIX Association},
month = jul
}
connect with us