USC Password Study

You are invited to participate in a research study conducted by Professor Jelena Mirkovic and Simon Woo, at the University of Southern California. This webpage explains the structure and purpose of this study. You should ask questions about anything that is unclear to you (see Contact Information below).

This study examines the use of memorable experiences from a person's life for creation of unique, easy-to-remember, hard-to-guess passwords. You must be aged 18 or older to participate. Your participation is voluntary.

In order to participate in this study, you must enroll with at least one friend.

Study procedure

In the study you will be asked to create life-experience passwords (LEPs) for three imaginary servers. You will then be asked to authenticate by answering questions generated from your LEP.

We will ask you some questions about your general password usage before a user study. Also, we will ask you some questions about your experience after the user study.

LEP Generation

You will be asked to input information about a personal experience of your choice into our system, either in your own words or by answering questions posed by the system. We will use your input to extract facts about time, locations, people and activities in your experience. We will transform these facts into verification question/answer pairs. We will use the verification questions to prompt you during verification. The verification answers become your LEP.

You will repeat this process three times, in the same sitting. Please note that your chosen experience should not contain information about illegal activities nor information that is sensitive for you (e.g., intimate relationships) as our research staff will review your stories to identify useful questions for life-experience passwords.

Verification

At the end of the study we will ask you to answer verification questions. This will help us measure memorability of LEPs.

Potential Risks and Discomforts

There is minimal risk to you from feeling discomfort if you choose to use an unpleasant memory to create a LEP. You are asked not to choose any events which involve illegal behavior or information that could have negative consequences for you, for example, cheating, theft, etc.

Alternatives to Participation

There are no adverse effects to you if you choose not to participate in this study or if you decide to withdraw at any point. If you are USC student, your grades will not be affected, whether or not you participate in this study.

Confidentiality

The University of Southern California's Human Subjects Protection Program (HSPP) reviews and monitors research studies to protect the rights and welfare of research subjects. We will protect your privacy in the following way:
  1. 1.We will not ask you for any identifying information, such as name, email, etc. The system will assign you a random identifier for the study.
  2. All your input will be stored and examined by our research staff. The input will be stored indefinitely.
  3. Your verification questions (but not answers) may be viewed by other participants in the study so we can measure how easy it is for others to guess LEPs.
The data stored on our server will remain there indefinitely and may be used by us in future studies.

You have the right at any time to request this data to be removed from our server by sending email to the Principal Investigator at mirkovic@isi.edu and providing the identifier that was assigned to you for this study.

When the results of the research are published or discussed in conferences, no identifiable information will be used. We will list our publications and publications of any researchers who use this data at our project page: http://steel.isi.edu/Projects/LEP.

Potential Benefits to Participants and/or to Society

Each participant will be paid 10 $ for this study. While you may not directly benefit from your participation in this study, your input will help us design more secure, more memorable passwords.

Participation and Withdrawal

Your participation is voluntary. Your refusal to participate will involve no penalty or loss of benefits to which you are otherwise entitled. You may withdraw your participation at any time and discontinue without penalty. You are not waiving any legal claims, rights or remedies because of your participation in this research study.

Investigator's Contact Information

If you have any questions or concerns about the research, please feel free to contact the Principal Investigator Professor Jelena Mirkovic at: mirkovic@isi.edu or telephone: 310-448-9170.

USC Information Sciences Institute
4676 Admiralty Way, Suite 1001
Marina del Rey, CA 90292
310-448-9170
or via mirkovic@isi.edu.

IRB Contact Information

If you have questions, concerns, or complaints about your rights as a research participant you may contact the IRB directly at the information provided below. If you have questions about the research and are unable to contact the research team, or if you want to talk to someone independent of the research team, please contact the:

University Park Institutional Review Board (UPIRB)
3720 South Flower Street #301
Los Angeles, CA 90089-0702
(213) 821-5272
or upirb@usc.edu.



Please click HERE to enter our Password Study.