Re: petname implementation recommendation proposal

On Tue, Mar 18, 2008 at 7:20 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Just a side-question on this:
>
> Rachna Dhamija wrote:
> > I would question the cognitive burden that it
> > places on users.  It requires the user to take extra effort in coming up
> > with a petname for a site, entering it, and then noticing and
> > recognizing it in the future.  This is not "cognitively scalable".
>
> What does "cognitively scalable" mean? How well accepted is the
> term?


I've been using the term recently to refer to the burdens that
authentication systems place on users.  We use "technical scalability" (e.g.
bandwidth scalability) to refer to the ability for a system to grow or to
expand in capacity.  Similarly, we should think about our users' cognitive
capacity, whether it be the ability to recall information, visually notice
indicators, recognize correct states, etc.  For example, passwords are
usable if you consider a user interacting with one site at a time.  As you
add websites that have different password policies, you increase the memory
burden, but not the capacity of human memory to recall these passwords.
Users will either find a way to make systems work with their limited brain
capacity (e.g. choose one password to reuse across sites), or they won't use
them.  Similarly, Petnames requires a small amount of mental effort, and
this work increases as you use it with more websites.  Therefore, I would
predict that users will only use it with a limited number of sites (which
may be what is intended), or they won't use it.


> (Honestly, not being argumentative, but it feels like I could
> invent a different meaning for each beer offered;-)
>

I'll try you at the next f2f :)

Received on Wednesday, 19 March 2008 06:12:11 UTC