PasswordsWhy and how people forget passwords

Do you frequently forget passwords to a baffling array of accounts and websites? Much depends on a password’s importance and how often you use it, according to a Rutgers University-New Brunswick-led study that could spur improved password technology and use.

“Websites focus on telling users if their passwords are weak or strong, but they do nothing to help people remember passwords,” said Janne Lindqvist, study co-author and assistant professor in the Department of Electrical and Computer Engineering in the School of Engineering.

“Our model could be used to predict the memorability of passwords, measure whether people remember them and prompt password system designers to provide incentives for people to log in regularly,” Lindqvist said. “Logging in more often helps people remember passwords.”

Rutgers notes that it is well-known that text-based passwords are hard to remember and people prefer simple, unsecure passwords. The study found evidence that human memory naturally adapts based on an estimate of how often a password will be needed. Important, frequently used passwords are less likely to be forgotten, and system designers need to consider the environment in which passwords are used and how memory works over time.

“Many people struggle with passwords because you need a lot of them nowadays,” Lindqvist said. “People get frustrated. Our major findings include that password forgetting aligns well with one of the psychological theories of memory and predicting forgetting of passwords.”

— Read more in Xianyi Gao et al., “Forgetting of Passwords: Ecological Theory and Data,” Meeting: 27th USENIX Security Symposium, 2018