Various mechanisms for authenticating users of computer-based information systems have been proposed. These include traditional, user-selected passwords, system-generated passwords, passphrases, cognitive passwords and associative passwords. While the mechanisms employed im primary passwords are determined by the operating systems' manufacturers, system designers can select any password mechanism for secondary passwords, to further protect sensitive applications and data files. This paper reports on the results of an empirically based study of passwords characteristics. It provides a comparative evaluation on the memorability and users' subjective preferences of the various passwords mechanisms, and suggest that cognitive passwords and associative passwords seem the most appropriate for secondary passwords. Keywords: Computer security. (kr)