Authenticating a user of an electronic device may involve confirming the user's identity before granting access to resources such as data, applications, computer systems, physical facilities, or the like. If an unauthorized user is able to access a device, data, or applications belonging to another user, the unauthorized user may be able to steal money, other property, data, an authorized user's identity, or the like. One method of user authentication prompts a user to enter a secret password before granting access to resources. However, a secure password that is not easily guessed by predictive or brute force algorithms may also be difficult to remember.