Question-and-answer passwords: An empirical evaluation

William J. Haga; Moshe Zviran

doi:10.1016/0306-4379(91)90005-T

Question-and-answer passwords: An empirical evaluation

William J. Haga^*, Moshe Zviran

^*Corresponding author for this work

Naval Postgraduate School

Research output: Contribution to journal › Article › peer-review

34 Scopus citations

Abstract

This paper evaluates two question-and-answer password techniques and suggests the use of either cognitive or associative passwords as methods to create passwords that are simultaneously memorable and difficult to guess. Both of these mechanisms involve a dialogue between a user and a system, where a user answers a rotating set of cues or questions. A set of brief responses replaces a single password. The findings of an empirical investigation, focusing on memorability and ease-of-guessing of both cognitive and associative passwords, are reported. These findings show similar results for both types of passwords with no clear advantage to either. They also suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.

Original language	English
Pages (from-to)	335-343
Number of pages	9
Journal	Information Systems
Volume	16
Issue number	3
DOIs	https://doi.org/10.1016/0306-4379(91)90005-T
State	Published - 1991
Externally published	Yes

Keywords

Information system security
associative passwords
cognitive passwords
passwords
question-and-answer passwords
secondary passwords
user authentication

Access to Document

10.1016/0306-4379(91)90005-T

Cite this

@article{e045c4110ab4473b9eb098e70c12da2c,

title = "Question-and-answer passwords: An empirical evaluation",

abstract = "This paper evaluates two question-and-answer password techniques and suggests the use of either cognitive or associative passwords as methods to create passwords that are simultaneously memorable and difficult to guess. Both of these mechanisms involve a dialogue between a user and a system, where a user answers a rotating set of cues or questions. A set of brief responses replaces a single password. The findings of an empirical investigation, focusing on memorability and ease-of-guessing of both cognitive and associative passwords, are reported. These findings show similar results for both types of passwords with no clear advantage to either. They also suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.",

keywords = "Information system security, associative passwords, cognitive passwords, passwords, question-and-answer passwords, secondary passwords, user authentication",

author = "Haga, {William J.} and Moshe Zviran",

year = "1991",

doi = "10.1016/0306-4379(91)90005-T",

language = "אנגלית",

volume = "16",

pages = "335--343",

journal = "Information Systems",

issn = "0306-4379",

publisher = "Elsevier Ltd.",

number = "3",

}

TY - JOUR

T1 - Question-and-answer passwords

T2 - An empirical evaluation

AU - Haga, William J.

AU - Zviran, Moshe

PY - 1991

Y1 - 1991

N2 - This paper evaluates two question-and-answer password techniques and suggests the use of either cognitive or associative passwords as methods to create passwords that are simultaneously memorable and difficult to guess. Both of these mechanisms involve a dialogue between a user and a system, where a user answers a rotating set of cues or questions. A set of brief responses replaces a single password. The findings of an empirical investigation, focusing on memorability and ease-of-guessing of both cognitive and associative passwords, are reported. These findings show similar results for both types of passwords with no clear advantage to either. They also suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.

AB - This paper evaluates two question-and-answer password techniques and suggests the use of either cognitive or associative passwords as methods to create passwords that are simultaneously memorable and difficult to guess. Both of these mechanisms involve a dialogue between a user and a system, where a user answers a rotating set of cues or questions. A set of brief responses replaces a single password. The findings of an empirical investigation, focusing on memorability and ease-of-guessing of both cognitive and associative passwords, are reported. These findings show similar results for both types of passwords with no clear advantage to either. They also suggest that both cognitive and associative passwords were easily recalled by users, while they were difficult for others to guess, even by others who were socially close to the users.

KW - Information system security

KW - associative passwords

KW - cognitive passwords

KW - passwords

KW - question-and-answer passwords

KW - secondary passwords

KW - user authentication

UR - http://www.scopus.com/inward/record.url?scp=0005661981&partnerID=8YFLogxK

U2 - 10.1016/0306-4379(91)90005-T

DO - 10.1016/0306-4379(91)90005-T

M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???

AN - SCOPUS:0005661981

SN - 0306-4379

VL - 16

SP - 335

EP - 343

JO - Information Systems

JF - Information Systems

IS - 3

ER -

Question-and-answer passwords: An empirical evaluation

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this