Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Character Strings, Memory and Passwords: What a Recall Study Can Tell Us.



Brian C. Stanton, Kristen Greene


Many users must authenticate to multiple systems and applications, often using different passwords, on a daily basis. At the same time, the recommendations of security experts are driving increases in the required character length and complexity of passwords. The thinking is that longer passwords will result in greater “entropy,” or randomness, making them more difficult to guess. The greater complexity requires inclusion of upper- and lower-case letters, nu-merals, and special characters. How users interact and cope with passwords of different length and complexity is a topic of significant interest to both the computer science and cognitive science research communities. Using experimental methodology from the behavioral sciences, we set out to answer the following question: how memorable are complex character strings of different lengths that might be used as higher-entropy passwords? In this ex-periment, participants were asked to memorize a series of ten different character strings and type them repeatedly into a computer program. Character string lengths varied and the random characters were made up of alphanumeric and special characters in order to mimic passwords. Not surprisingly, our findings indicate that the longer a character string is, the longer it takes for a person to recall it, and the more likely they are to make an error when trying to re-type that string. These effects are particularly pronounced for strings of eight to ten characters or longer.
Proceedings Title
Proceedings of the 16th International Conference on Human-Computer Interaction
Conference Dates
June 22-27, 2014
Conference Location
Conference Title
The 16th International Conference on Human-Computer Interaction


passwords, security, character strings, memory, recall


Stanton, B. and Greene, K. (2014), Character Strings, Memory and Passwords: What a Recall Study Can Tell Us., Proceedings of the 16th International Conference on Human-Computer Interaction, Crete, -1 (Accessed June 16, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created June 22, 2014, Updated February 19, 2017