next up previous
Next: Reduce changes Up: Limit the memory load Previous: Teach users tricks for


Use cues

Try using cued recall. That is, prompt users for the information they must remember [Patrick, 2002]. This technique is in fairly common use now as a back-up system to passwords. If the user forgets his or her password, then he or she is prompted with a question either of the system's choosing, sometimes selected from a list provided by the system (Selections might include ``What is your birth date?" or ``What is your mother's maiden name?"), or a question created by the user (such as ``What was your grade 7 locker combination?").

It should be noted that while this is easier for users to remember, it is difficult to ensure that the answers to these questions aren't obvious to an attacker who has some knowledge of the user. An informal study found that email accounts secured by this method were easily compromised by friends and even acquaintances who had some knowledge of the target [Taylor et al., 2002].



Terri 2004-01-05