Cognitive password

Cognitive password

A cognitive password is a form of knowledge-based authentication that requires a user to answer a question, presumably something they intrinsically know, to verify their identity. Cognitive password systems have been researched for many years and are currently commonly used as a form of secondary access. They were developed to overcome the common memorability vs. strength problem that exists with the traditional password. Cognitive passwords, when compared to other password systems, can be measured through the usage of a memorability vs. guessability ratio.[1]



Research on passwords as an authentification method has struggled between memorability and strong security.[2] Passwords that are easily remembered are easily cracked by attackers. On the other hand strong passwords are difficult to crack but also difficult to remember.[3] When passwords are difficult to remember, users may write them down, and the secrecy of the password is compromised.[4]. Early research into this tradeoff between security and usability aimed to develop a password system that utilized easily remembered personal facts and encouraged user participation. This line of research resulted in the concept of the associative password, a password system based on user selected cues and responses.[5] This concept of associative passwords was extended to a pre-specified set of questions and answers that users would be expected to know and could easily recall.[6]

Cognitive questions

At the core of a cognitive password system lies the questions. These questions were designed to be more memorable than the standard username/password authentication method. As such, a measure of the strength of a cognitive password is the memorability/guessability ratio.[7]

Question Development

Questions developed for cognitive password systems are classified as being either fact or opinion based. Fact based systems have questions with answers that are considered independent of an individual's feelings such as "What is the name of the high school you attended?". Opinion based questions are the opposite and, as the name implies, have answers based on personal opinions such as, "What is your favorite color?"[2] Later research developed a set of criteria for question selection which included generalized answerability, number of potential answers, and generalized lack of ambiguity. The first criteria suggested that questions should be answerable by all (i.e. not asking "When did you purchase your first home?" because not all users may have purchased homes). The second criteria recommended selecting questions with a sufficiently large set of potential answers (i.e. not asking "How many children do you have?" because a majority of people would answer 0, 1 or 2). The final criteria looked for questions that were as unambiguous as possible (i.e. not asking "How many family members do you have?" as there may be some confusion as to who would be included in that count).[8]

Memorability vs. guessability

A user's ability to correctly recall their password is expected to decrease as time progresses.[9] However, the memorability of cognitive passwords remains relatively stable over time with recall rates significantly higher than traditional passwords.[10][11] When fact and opinion-based questions are compared, the fact-based questions are more likely to be correctly remembered than opinion-based questions, but still far more likely than traditional passwords.[10] Cognitive questions, with a group averaged as a whole, show relatively high guessability, much higher than traditional passwords but when analyzed individually, certain questions have been shown to have acceptable memorability/guessability ratios. [10]


The following are some typical cognitive password questions:

  • What is your mother’s maiden name?
  • Who is your favorite superhero?
  • What is your dog’s name
  • What is your car's name?
  • What is your favorite movie?
  • What city were you born in?
  • What is your favorite color?


  1. ^ Harris, Shon (2002). "2". Mike Meyers' CISSP(R) Certification Passport. Mike Meyers' certification passport Passport Series (illustrated ed.). McGraw-Hill Professional. pp. 36. ISBN 9780072225785. 
  2. ^ a b (Zviran and Haga, 1990a, p. 724)
  3. ^ (Zviran and Elrich, 2006, p. 93)
  4. ^ (Zviran and Haga, 1999, p. 173)
  5. ^ (Smith, 1987)
  6. ^ (Zviran and Haga, 1990a, p.723)
  7. ^ (Bunnell et. al, 1997, p. 631)
  8. ^ (Bunnell et. al, 1997, p. 633)
  9. ^ (Brown et al., 2004, p. 642)
  10. ^ a b c (Bunnell et. al, 1997, p. 635)
  11. ^ (Zviran and Haga, 1990a, p.728)

Works cited

  • Brown, Alan S.; al, et. (2004), "Generating and Remembering Passwords", Applied Cognitive Psychology 18 (6): 641–651 
  • Bunnell, Julie; al, et. (1997), "Cognitive, associative and conventional passwords: Recall and guessing rates", Computers & Security 16 (7): 629–641 
  • Smith, Sidney L. (1987), "Authenticating Users by Word Association", Human Factors and Ergonomics Society 31 (1): 135–138 
  • Zviran, Moshe; Haga, William J. (1990a), "Cognitive passwords: The key to easy access control", Computers & Security 9 (8): 723–736 
  • Zviran, Moshe; Haga, William J. (1999), "Password Security: An Empirical Study", Journal of Management Information Systems 15 (4): 161–185 
  • Zviran, Moshe; Elrich, Zippy (2006), "Identification and Authentication: Technology and Implementation Issues", Communications of the Association for Information Systems 17 (4): 90–105 

External links

Wikimedia Foundation. 2010.

Игры ⚽ Нужна курсовая?

Look at other dictionaries:

  • Password — For other uses, see Password (disambiguation). A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource (example: an access code is a type of password). The password… …   Wikipedia

  • Microsoft PowerPoint — Power point redirects here. For other uses, see Power point (disambiguation). Microsoft PowerPoint Microsoft PowerPoint …   Wikipedia

  • List of psychology topics — This page aims to list all topics related to psychology. This is so that those interested in the subject can monitor changes to the pages by clicking on Related changes in the sidebar. It is also to see the gaps in Wikipedia s coverage of the… …   Wikipedia

  • passface — n. A picture of a human face that is used instead of a password as part of a security system. Example Citation: Here s how it works: Like with most Web sites, a user will type in his or her username. But instead of entering a password, he or she… …   New words

  • Criticism of evolutionary psychology — From its beginning, evolutionary psychology (EP) has generated substantial controversy and criticism.[1] Criticisms include 1) disputes about the testability of evolutionary hypotheses, 2) alternatives to some of the cognitive assumptions (such… …   Wikipedia

  • Complications of hypertension — Main complications of persistent high blood pressure Complications of hypertension are clinical outcomes that result from persistent elevation of blood pressure.[1] Hypertension is a risk factor for all …   Wikipedia

  • Social engineering (security) — Social engineering is the art of manipulating people into performing actions or divulging confidential information.Mitnick, K: CSEPS Course Workbook (2004), p. 4, Mitnick Security Publishing.] While similar to a confidence trick or simple fraud,… …   Wikipedia

  • Derren Brown — This article is about the British illusionist and mentalist. For the British guitarist, see Darren Brown. For the baseball coach, see Daren Brown. Derren Victor Brown Born Derren Victor Brown 27 February 1971 …   Wikipedia

  • Orders of magnitude (numbers) — The logarithmic scale can compactly represent the relationship among variously sized numbers. This list contains selected positive numbers in increasing order, including counts of things, dimensionless quantity and probabilities. Each number is… …   Wikipedia

  • Dukkha — For the Egyptian food, see Dukka. Part of a series on Buddhism Outline · Portal History …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”