The password creation and management process presents a problem for users as secure passwords are not often very memorable, and memorable passwords are rarely secure (Adams & Sasse, 1999). Given that passwords are currently the dominant authentication method and that this situation is unlikely to change in the near future, it is imperative to continue to investigate the most effective password behaviors. Researchers have suggested that encouraging users to create passwords based on stories can be an effective method to improve password recall (Blocki. Komanduri. Cranor, & Datta. 2015). The Person-Action-Object (PAO) strategy has users create a password string based on a person they select from a predetermined list, which is later paired with an action and an object. Users are asked to imagine the person acting upon said object in a certain context. For instance, a user may imagine Darth Vader (person) bribing (action) a roach (object) among lily pads. The PAO method can help users circumvent much of the forgetting that happens soon after encoding a password.
展开▼