Browse by author
Lookup NU author(s): Professor Thomas GrossORCiD, Dr Kovila Coopamootoo
Background. The Limited Strength model [3] of cognitive psychologypredicts that human capacity to exert cognitive effort is limited andthat decision making is impeded once high depletion is reached.Aim. We investigate how password choice differs between depleted and undepleted users.Method. Two groups of 50 subjects each were asked to generate a password. One group was cognitively depleted, the other was not. Passwordstrength was measured and compared across groups.Results. Using a stepwise linear regression we found that password strength is predicted by depletion level, personality traits and mood, with an overalladjusted R2 = :206. The depletion level was the strongest predictor of password strength (predictor importance :371 and p = :001). Participants with slight effortful exertion created significantly better passwords than the undepleted control group. Participants with high depletion created worse passwords than the control group.Conclusions. That strong depletion diminishes the capacity to choose strong passwords indicates that cognitive effort is necessary for the creation ofstrong passwords. It is surprising that slight exertion of cognitive effort prior to the password creation leads to stronger passwords. Our findings open upnew avenues for usable security research through deliberately eliciting cognitive effort and replenishing after depletion and indicate the potential of investigating personality traits and current mood.
Author(s): Gross T, Coopamootoo K, Al-Jabri A
Publication type: Report
Publication status: Published
Series Title: School of Computing Science Technical Report Series
Year: 2016
Pages: 16
Print publication date: 21/09/2016
Acceptance date: 20/09/2016
Report Number: 1496
Institution: School of Computing Science, University of Newcastle upon Tyne
Place Published: Newcastle upon Tyne
URL: http://www.cs.ncl.ac.uk/publications/trs/papers/1496
