Why do people frequently forget passwords to their accounts and websites? Much depends on a password's importance and how often they use it, according to a Rutgers University-New Brunswick-led study.
"Websites focus on telling users if their passwords are weak or strong, but they do nothing to help people remember passwords," said Janne Lindqvist, study co-author and assistant professor in the Department of Electrical and Computer Engineering in the School of Engineering.
"Our model could be used to predict the memorability of passwords, measure whether people remember them and prompt password system designers to provide incentives for people to log in regularly," Lindqvist said. "Logging in more often helps people remember passwords."
It's well-known that text-based passwords are hard to remember and people prefer simple, unsecure passwords. The study found evidence that human memory naturally adapts based on an estimate of how often a password will be needed. Important, frequently used passwords are less likely to be forgotten, and system designers need to consider the environment in which passwords are used and how memory works over time.
"Many people struggle with passwords because you need a lot of them nowadays," Lindqvist said. "People get frustrated. Our major findings include that password forgetting aligns well with one of the psychological theories of memory and predicting forgetting of passwords.
The study by researchers at Rutgers-New Brunswick and Aalto University in Finland was published last month at the 27th USENIX Security Symposium in Baltimore, Maryland.