Think Harder! Investigating the Effect of Password Strength on Cognitive Load during Password Creation
read more
Citations
”Your Eyes Tell You Have Used This Password Before”: Identifying Password Reuse from Gaze and Keystroke Dynamics
Pupil dilation as cognitive load measure in instructional videos on complex chemical representations
A temporally quantized distribution of pupil diameters as a new feature for cognitive load classification
Towards Practical Personalized Security Nudge Schemes: Investigating the Moderation Effects of Behavioral Features on Nudge Effects
Reviewing the Usability of Web Authentication Procedures: Comparing the Current Procedures of 20 Websites
References
Development of NASA-TLX (Task Load Index): Results of Empirical and Theoretical Research
Pupil Size in Relation to Mental Activity during Simple Problem-Solving
The efficiency of instructional conditions: An approach to combine mental-effort and performance measures
Related Papers (5)
Optiwords: A new password policy for creating memorable and strong passwords
Frequently Asked Questions (10)
Q2. What future works have the authors mentioned in the paper "Think harder! investigating the effect of password strength on cognitive load during password creation" ?
For future work, it is valuable to investigate the effect of reusing passwords and whether it complies to their findings or not. The authors will also investigate how would their approach distinguish between a low cognitive load due to a weak password and a low cognitive load due to the user adopting a password strategy.
Q3. How can the authors use pupil diameter to assess password strength?
Since the authors found that password strength is reflected in pupil diameter response, pupil diameter can be integrated in interfaces to assess password strength without revealing the actual password to the system.
Q4. What can be the effect of strict password policies on users’ productivity?
strict policies can frustrate users, reduce their productivity, and lead users to write their passwords down [1, 18, 35].
Q5. What is the way to improve validity of pupillometry?
One way to improve validity is to strictly control the luminance of the experimental stimuli, but this limits the potential of pupillometry.
Q6. What is the advantage of using a password meter?
It also has a usability advantage: if the authors are able to determine password strength through the user’s cognitive load (e.g., as estimated via an eye tracker), then users can consciously learn about their password’s strength, even if the used interface does not measure the password’s strength.
Q7. How did the authors compare the differentiating between weak and strong passwords?
The authors used a cut off score of 2.5 for differentiating between weak and strong passwords where from 1 to 2.5 is considered as weak password and from more than 2.5 to 5 is considered as strong password.
Q8. What factors influence the strength of passwords?
Researchers found that password meters design, color and feedback messages have an influence on the strength of the created passwords [12, 13, 34, 39].
Q9. What was the setup of the experiment?
As shown in Figure 1, their experimental setup consisted of a Tobii Pro Glasses 21 with 120 fps running on Lenovo T440s2 along with the Tobii glasses controller3.
Q10. What is the password for the study?
While metrics like password length have a stronger positive impact on security than special characters [25], the responses still show that participants knew what makes passwords stronger.