Music is the Key: Using our Enduring Memory for Songs to Help Users Log On

Music is the Key: Using our Enduring Memory for Songs to Help Users Log On

Marcia Gibson (Institute for Research in Applicable Computing, University of Bedfordshire, UK), Karen Renaud (University of Glasgow, UK), Marc Conrad (Institute for Research in Applicable Computing, University of Bedfordshire, UK) and Carsten Maple (Institute for Research in Applicable Computing, University of Bedfordshire, UK)
DOI: 10.4018/978-1-4666-2919-6.ch046
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

Devising access control systems to support needs and capabilities of users, as well as the security requirements of organisations, is a key challenge faced in many of today’s business environments. If users are to behave securely, they must not be overburdened with unworkable authentication policies and methods. Yet the prevailing alphanumeric password can be a double-edged sword: secure passwords are inherently difficult to recall and vice-versa. Consequentially, a growing number of alternatives are emerging. In this chapter, the authors describe one novel scheme - a musical password. Musipass was designed with the user in mind and is tailored toward the task of authentication on the Web, where biometric and token-based systems have proved unsuccessful in replacing the flawed, yet prevalent traditional password. This chapter, which includes discussion on current thinking in the field of authentication, will be of interest to information managers, security practitioners, and HCI professionals.
Chapter Preview
Top

Background

There are two reasons that we forget; either the information no longer exists (“trace-dependent forgetting”); or it exists, but cannot be retrieved (“cue-dependent forgetting”) (Tulving, 1974). Trace-dependent forgetting happens when an item is not imprinted strongly enough, if the item has not been successfully consolidated or has become corrupted by other memory items (“interference”). Cue-dependent forgetting occurs when a retrieval trigger (“cue”) is not associated with the item.

It is difficult to generate a cue for a random password and cues cannot be provided to the user during authentication (i.e. it requires “free-recall”), as it cannot be ascertained whether the user is a friend or a foe. When John in accounts creates the password “Fluffy” based on his pet's name or writes passwords down, what he is really trying to do is provide himself with a cue as insurance against forgetting. So what happens when John has three pets, Fluffy, Lois and Ruff? In this case interference may be experienced, where John is able to recall numerous passwords, but not the precise one to access the system in question. When an individual reuses a password over numerous accounts he or she is effectually limiting the effort required to generate and memorize the password, as well as the possibility interference will occur.

Complete Chapter List

Search this Book:
Reset