000000304 001__ 304
000000304 005__ 20151203070528.0
000000304 037__ $$aLERSSE-RefConfPaper-2015-003
000000304 100__ $$aJun Ho Huh
000000304 245__ $$aOn the Memorability of System-generated PINs: Can Chunking Help?
000000304 260__ $$c2015-06-12
000000304 300__ $$a13
000000304 520__ $$aTo ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated random PINs. 4-digit is the most commonly used PIN length, but 6-digit system-generated PINs are also becoming popular. The increased security we get from using system-generated PINs, however, comes at the cost of memorability. And while banks are increasingly adopting system-generated PINs, the impact on memorability of such PINs has not been studied. We conducted a large-scale online user study with 9,114 participants to investigate the impact of increased PIN length on the memorability of PINs, and whether number chunking1 techniques (breaking a single number into multiple smaller numbers) can be applied to improve memorability for larger PIN lengths. As one would expect, our study shows that system-generated 4-digit PINs outperform 6-, 7-, and 8-digit PINs in long-term memorability. Interestingly, however, we find that there is no statistically significant difference in memorability between 6-, 7-, and 8-digit PINs, indicating that 7-, and 8-digit PINs should also be considered when looking to increase PIN length to 6-digits from currently common length of 4-digits for improved security. By grouping all 6-, 7-, and 8-digit chunked PINs together, and comparing them against a group of all non-chunked PINs, we find that chunking, overall, improves memorability of system-generated PINs. To our surprise, however, none of the individual chunking policies (e.g., 0000-00-00) showed statistically significant improvement over their peer non-chunked policies (e.g., 00000000), indicating that chunking may only have a limited impact. Interestingly, the top performing 8-digit chunking policy did show noticeable and statistically significant improvement in memorability over shorter 7-digit PINs, indicating that while chunking has the potential to improve memorability, more studies are needed to understand the contexts in which that potential can be realized.
000000304 6531_ $$aUsable Security
000000304 700__ $$aHyoungschick Kim
000000304 700__ $$aRakesh B. Bobba
000000304 700__ $$aMasooda N. Bashir
000000304 700__ $$aKonstantin Beznosov
000000304 8560_ $$flersse-it@ece.ubc.ca
000000304 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/304/files/soups2015-final110.pdf
000000304 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/304/files/soups2015-final110.pdf?subformat=pdfa$$xpdfa
000000304 909C4 $$pJun Ho Huh, Hyoungschick Kim, Rakesh B. Bobba, Masooda N. Bashir and Konstantin Beznosov. 2015. On the Memorability of System-generated PINs: Can Chunking Help? SOUPS'15: Symposium On Usable Privacy and Security. Ottawa, Ontario, Canada
000000304 980__ $$aRefConfPaper