On the memorability of system-generated PINs: Can chunking help?

Jun Ho Huh, Hyoungschick Kim, Rakesh B. Bobba, Masooda N. Bashir, Konstantin Beznosov

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated random PINs. 4-digit is the most commonly used PIN length, but 6-digit system-generated PINs are also becoming popular. The increased security we get from using system-generated PINs, however, comes at the cost of memorability. And while banks are increasingly adopting system-generated PINs, the impact on memorability of such PINs has not been studied. We conducted a large-scale online user study with 9,114 participants to investigate the impact of increased PIN length on the memorability of PINs, and whether number chunking1 techniques (breaking a single number into multiple smaller numbers) can be applied to improve memorability for larger PIN lengths. As one would expect, our study shows that system-generated 4-digit PINs outperform 6-, 7-, and 8-digit PINs in long-term memorability. Interestingly, however, we find that there is no statistically significant difference in memorability between 6-, 7-, and 8-digit PINs, indicating that 7-, and 8-digit PINs should also be considered when looking to increase PIN length to 6-digits from currently common length of 4-digits for improved security. By grouping all 6-, 7-, and 8-digit chunked PINs together, and comparing them against a group of all non-chunked PINs, we find that chunking, overall, improves memorability of system-generated PINs. To our surprise, however, none of the individual chunking policies (e.g., 0000-00-00) showed statistically significant improvement over their peer non-chunked policies (e.g., 00000000), indicating that chunking may only have a limited impact. Interestingly, the top performing 8-digit chunking policy did show noticeable and statistically significant improvement in memorability over shorter 7-digit PINs, indicating that while chunking has the potential to improve memorability, more studies are needed to understand the contexts in which that potential can be realized.

Original languageEnglish (US)
Title of host publicationSOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security
PublisherUSENIX Association
Pages197-209
Number of pages13
ISBN (Electronic)9781931971249
StatePublished - 2019
Event11th Symposium on Usable Privacy and Security, SOUPS 2015 - Ottawa, Canada
Duration: Jul 22 2015Jul 24 2015

Publication series

NameSOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security

Conference

Conference11th Symposium on Usable Privacy and Security, SOUPS 2015
Country/TerritoryCanada
CityOttawa
Period7/22/157/24/15

Keywords

  • Chunking
  • PINs
  • Passwords
  • Policy
  • Security
  • Usability

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'On the memorability of system-generated PINs: Can chunking help?'. Together they form a unique fingerprint.

Cite this