Abstract: Mnemonic strategies help users generate secure and memorable passwords, and the topic has attracted extensive interest from researchers worldwide in recent years. Most existing mnemonic strategies have problems such as low security and passwords that are inconvenient to memorize. This paper presents a Chinese sentence-based password mnemonic strategy: the user selects a memorable sentence as a mnemonic sentence and then converts it into a password based on predefined rules or the user's own choice. We evaluate its performance with a control experiment. To evaluate the security and usability of the mnemonic strategy, we use performance assessment tools such as the Markov chain model to compare the generated passwords with a large number of real-world passwords. In terms of usability, NASA-TLX shows that although the workload required by our mnemonic strategy is higher than that of using no strategy in the password generation phase, whether or not a mnemonic strategy is used makes no significant difference in short-term memory or long-term memory. In addition, in terms of security, all password strength assessment tools show that the passwords generated by our mnemonic strategy are stronger than the real-world passwords. When converting the mnemonic sentence into a password, the strategy hides sensitive personal information, which reduces the risk of password leakage caused by personal information leakage and improves the security of the strategy.