Remembering Multiple Passwords by Way of Minimal-Feedback Hints: Replication and Further Analysis

Morten Hertzum

    Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearch


    Passwords are a prominent mechanism for user authentication but entail a conflict between ease of use and security in that passwords must be both easy to remember for the password holder and difficult to guess for everybody else. To support users in remembering their passwords minimal-feedback hints for remote authentication (MiFA) provide users with a couple of the password characters when users are prompted for their password. In this study MiFA hints, originally devised by Lu and Twidale (2003), were evaluated by having 14 participants create five passwords each and prompting them for these passwords after one week and after four weeks. With the aid of MiFA hints participants remembered significantly more passwords and were significantly more confident in the correctness of their memory of their passwords than without hints. However, many of the passwords created by the participants were weak, for example a word followed by one or more digits, and vulnerable to dictionary attacks.
    Original languageEnglish
    Title of host publicationProceedings of the Fourth Dansih Human-Computer Interaction Research Symposium
    EditorsJesper Kjeldskov, Mikael B. Skov, Jan Stage
    PublisherAalborg Universitet
    Publication date2004
    Publication statusPublished - 2004
    EventDanish Human-Computer Interaction Research Symposium - Aalborg, Denmark
    Duration: 6 Nov 2004 → …
    Conference number: 4


    ConferenceDanish Human-Computer Interaction Research Symposium
    Period06/11/2004 → …


    • security
    • passwords
    • minimal-feedback hints

    Cite this