Many people think they can’t remember secure passwords, but the boffins found that they can; they just do not learn how to remember them correctly.
Joseph Bonneau, one of the two researchers who created the study, got a group of volunteers to log into a website 90 times over the span of ten days, using whatever password they chose.
After entering their password, the website showed the volunteers a short security code, made of either four random letters or two random words, and asked them to type it. Throughout the ten-day experiment, the site added more letters and words to the code—up to 12 random letters or six random words—and the security code would take just a little longer to be displayed, prompting the participants to remember it themselves before it appeared.
Three days after the last login, 94 percent of the test subjects could remember their random code word or phrase, which were seemingly nonsensical strings of characters like “dkce2121sdd” or phrases like “fruit, bat klingon Yeats, snow, trousers.”
Bonneau said that there was a big dimension of human memory that hasn’t been explored with passwords,