The underlying issues relating to the usability and security of multiple passwords are largely unexplored. However, we know that people generally have difficulty remembering multiple passwords. This reduces security since users reuse the same password for different systems or reveal other passwords as they try to log in. We report on a laboratory study comparing recall of multiple text passwords with recall of multiple click-based graphical passwords. In a one-hour session (short-term), we found that participants in the graphical password condition coped significantly better than those in the text password condition. In particular, they made fewer errors when recalling their passwords, did not resort to creating passwords directly related to account names, and did not use similar passwords across multiple accounts. After two weeks, participants in the two conditions had recall success rates that were not statistically different from each other, but those with text passwords made more recall errors than participants with graphical passwords. In our study, click-based graphical passwords were significantly less susceptible to multiple password interference in the short-term, while having comparable usability to text passwords in most other respects. Copyright 2009 ACM.

Additional Metadata
Keywords Authentication, Graphical passwords, Multiple password interference, Usable security
Persistent URL dx.doi.org/10.1145/1653662.1653722
Conference 16th ACM Conference on Computer and Communications Security, CCS'09
Citation
Chiasson, S, Forget, A. (Alain), Stobert, E. (Elizabeth), Van Oorschot, P, & Biddle, R. (2009). Multiple password interference in text passwords and click-based graphical passwords. Presented at the 16th ACM Conference on Computer and Communications Security, CCS'09. doi:10.1145/1653662.1653722