Forget the Password: Password Memory and Security Applications of Augmented Cognition.

Individual security behavior plays a central role in achieving secure computing. However, secure usage is difficult to guarantee in an open-ended context where different users have different perceptions of security as well as different cognitive loads when using security tools. In designing secure systems, it is not only necessary to define secure behavior but also to provide built-in support for such behavior in order to enable users to be complaint. In this work, we explore the viability of augmented cognition as a modality that can be used to support security-oriented behavior in authentication systems. Specifically, we explore how transformations of password character properties such as font and weight can improve password recall and recognition and reduce insecure habits, such as writing down passwords. In a previous study, we tested the accuracy of recall and recognition in an augmented password system. The system was designed to make use of character property transformations to minimize the need for complex passwords while not compromising security. Here we repeat the study, incorporating the use of neurophysiological measures to study human physiological responses during recognition and recall of character sets with different types of transformation. The results suggest that cognitive effort in recall of complex passwords can be alleviated with the performance of the augmented password task. This finding has important implications for future research.