Understanding Password Preferences, Memorability, and Security Through a Human-Centered Lens
MCML Authors
Enkelejda Kasneci
Prof. Dr.
Core PI
Abstract
Enkelejda Kasneci
Prof. Dr.
Core PI
Abstract
Passwords remain the primary authentication method, yet usercreated passwords are often the weakest due to the security–usability trade-off. Although AI-based password generators are emerging, little is known about their effectiveness and user perceptions. This eyetracking study examined how behavior during password creation, selection, and memorization relates to objective and subjective password quality. Four password models, three AI-based (DeepSeekAPI, ChatGPT-API, PassGPT) and one rule-based random generator, generated suggestions from participants’ self-generated passwords across four website contexts. Eye movements were recorded throughout the experiment. Results confirm the expected tradeoff between AI-generated password strength and human memorability but also reveal a novel behavioral link. Despite stronger AI-generated passwords, participants favored self-generated ones. Notably, visual attention to contextual cues was significantly correlated with higher password entropy. This suggests that security is shaped not only by the generation tool but also by users’ visual engagement with contextual cues, highlighting the potential of attention-driven security design.
BibTeXKey: POK26