1. ¹Department of Computer Information Systems, School of Business, Virginia State University, Petersburg, VA, U.S.A.
2. ²Anderson School of Management, The University of New Mexico, Albuquerque, NM, U.S.A.
3. ³Computer Information Systems, College of Business, Delta State University, Cleveland, MS, U.S.A.

Correspondence: Jie Zhang, Department of Computer Information Systems, School of Business, Virginia State University, Petersburg, VA 23806, U.S.A. E-mail: jzhang@vsu.edu

Received 8 April 2008; Revised 18 August 2008; Re-revised 31 January 2009; Accepted 23 February 2009; Published online 31 March 2009.

Abstract

As one of the most common authentication methods, passwords help secure information by granting access only to authorized parties. To be effective, passwords should be strong, secret, and memorable. While password strength can be enforced by automated information technology policies, users frequently jeopardize secrecy to improve memorability. The password memorability problem is exacerbated by the number of different passwords a user is required to remember. While short-term memory theories have been applied to individual-password management problems, the relationship between memory and the multiple-password problem has not been examined. This paper treats the multiple-password management crisis as a search and retrieval problem involving human beings' long-term memory. We propose that interference between different passwords is one of the major challenges to multiple-password recall and that interference alleviation methods can significantly improve multiple-password recall. A lab experiment was conducted to examine the effectiveness of two interference alleviation methods: the list reduction method and the unique identifier method. While both methods improve multiple-password recall performance, the list reduction method leads to statistically significant improvement. The results demonstrate the potential merit of practices targeting multiple-password interference. By introducing long-term memory theory to multiple-password memorability issues, this study presents implications benefiting users and serves as the potential starting point for future research.