Personalized cognitive passwords: an exploratory assessment

Lior Lazar (Faculty of Management, Tel Aviv University, Tel Aviv, Israel)
Omer Tikolsky (Faculty of Management, Tel Aviv University, Tel Aviv, Israel)
Chanan Glezer (Department of Industrial Engineering and Management, Ariel University Center of Samaria, Ariel, Israel)
Moshe Zviran (Faculty of Management, Tel Aviv University, Tel Aviv, Israel)

Information Management & Computer Security

ISSN: 0968-5227

Publication date: 22 March 2011



Cognitive passwords are typically realized using “one size fits all” fact‐based or opinion‐based questions, and as such are prone to guessing attacks. The purpose of this paper is to propose a method of personalizing cognitive passwords to individual users, to close this loophole, and evaluate its performance against rigid cognitive passwords.


A personalized questionnaire formulated by the subjects was benchmarked against a rigid questionnaire in terms of recall and security. The evaluation employed two constructs used extensively in previous research, namely, Recall – the success in remembering a password, and Secrecy – the likelihood that the password cannot be guessed.


While the experiment found that personalization increases the recall of cognitive passwords, it showed no improvement in secrecy (reducing guessing rates).

Research limitations/implications

The study was conducted in an academic environment with young freshmen students thereby limiting external validity. Another problem might stem from the difference in the length of the questionnaires between groups in order to minimize drop‐out rates.

Practical implications

Secrecy was and still is the Achilles heel of the cognitive password mechanism and therefore the results imply that some restrictions should be imposed to prevent selection of over‐simplistic cognitive passwords.


This study is important because it is the first of its kind – benchmarking recall and secrecy of two types of cognitive authentication methods – rigid and personalized.



Lazar, L., Tikolsky, O., Glezer, C. and Zviran, M. (2011), "Personalized cognitive passwords: an exploratory assessment", Information Management & Computer Security, Vol. 19 No. 1, pp. 25-41.

Download as .RIS



Emerald Group Publishing Limited

Copyright © 2011, Emerald Group Publishing Limited

Please note you might not have access to this content

You may be able to access this content by login via Shibboleth, Open Athens or with your Emerald account.
If you would like to contact us about accessing this content, click the button and fill out the form.
To rent this content from Deepdyve, please click the button.