Effect of Cognitive Effort on Password Choice

Authors: 

Thomas Groß, Kovila P.L. Coopamootoo, and Amina Al-Jabri, Newcastle University

Abstract: 

This paper reports on a lab experiment with 100 subjects which is the first to investigate the impact of cognitive effort and depletion on the choice of user passwords. Two groups of 50 subjects each were asked to generate a password. One group was cognitively depleted, the other was not. Password strength was measured and compared across groups. We find that subjects who are cognitively depleted create worse passwords than undepleted subjects. Surprisingly, subjects who report mild cognitive exertion create better password than undepleted subjects. We are interested in discussing how cognitive effort impacts authentication as well as how to negotiate the cognitive demands of password procedures to best support users.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

Groß PDF
BibTeX
@inproceedings {197889,
author = {Thomas Gro{\ss} and Kovila P.L. Coopamootoo and Amina Al-Jabri},
title = {Effect of Cognitive Effort on Password Choice},
booktitle = {Twelfth Symposium on Usable Privacy and Security ({SOUPS} 2016)},
year = {2016},
address = {Denver, CO},
url = {https://www.usenix.org/conference/soups2016/workshop-program/way2016/presentation/gross},
publisher = {{USENIX} Association},
}
Download