Password Expiration Strategy: A Perspective of Ecological Memory

Based on the ecological user memory, this paper establishes a security strategy model (SSM) to quantify the memory cost of passwords and the value of accounts to users in assword expiration strategy. This paper introduces the theory of human ecological memory to explain the memory cost of account password to users. We experiment on 304 users to prove that when users modify a single account, the security benefits of modifying a high-value account are greater for users. In the case of modifying multiple accounts, modifying accounts with password reuse will gain greater security for users. Experimental results show that when users modify password accounts, adding personal information can increase password strength to some extent while minimizing memory costs. In this paper, we for the first time use user ecological memory as one of the criteria to evaluate user security benefits, which might be the trend of future research on user behavior creating and password modification policy.