On the Deployment of Password Hints Using Pre-Attentive Visual Priming for One- Time Passwords

Password based security is still the most prevalent form of controlling access to trusted resources accessed through computers. There are several difficulties associated with password based systems, the predominant one being password memorability. The average person has approximately 15 passwords to maintain, which engenders a significant cognitive burden if passwords are selected and utilised properly. One potential solution to the memorability issue is to provide users with password hints. For instance, literal hints in the form of a displaying a subset of the actual password characters in situ during have been deployed commercially. Although potentially effective, this approach compromises the password coverage space, effectively weakening the password. Further, this approach may render the password susceptible to shoulder surfing and other means of surveillance. In this work, a compromise was sought between enhancing password memorability while reducing the likelihood of successful surveillance based attacks. The scheme deployed in this work is based on a one-time password scheme (OTP). To enhance memorability, password hints are utilised, which are deployed in the form of pre-attentive hinting. The question explored in this work is whether pre-attentive hinting is sufficient to enhance memorability, without rendering the approach susceptible to a surveillance based attack.