On Tue, Mar 18, 2008 at 7:20 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Just a side-question on this: > > Rachna Dhamija wrote: > > I would question the cognitive burden that it > > places on users. It requires the user to take extra effort in coming up > > with a petname for a site, entering it, and then noticing and > > recognizing it in the future. This is not "cognitively scalable". > > What does "cognitively scalable" mean? How well accepted is the > term? I've been using the term recently to refer to the burdens that authentication systems place on users. We use "technical scalability" (e.g. bandwidth scalability) to refer to the ability for a system to grow or to expand in capacity. Similarly, we should think about our users' cognitive capacity, whether it be the ability to recall information, visually notice indicators, recognize correct states, etc. For example, passwords are usable if you consider a user interacting with one site at a time. As you add websites that have different password policies, you increase the memory burden, but not the capacity of human memory to recall these passwords. Users will either find a way to make systems work with their limited brain capacity (e.g. choose one password to reuse across sites), or they won't use them. Similarly, Petnames requires a small amount of mental effort, and this work increases as you use it with more websites. Therefore, I would predict that users will only use it with a limited number of sites (which may be what is intended), or they won't use it. > (Honestly, not being argumentative, but it feels like I could > invent a different meaning for each beer offered;-) > I'll try you at the next f2f :)
Received on Wednesday, 19 March 2008 06:12:11 UTC