PassShapes: utilizing stroke based authentication to increase password memorability

Authentication today mostly relies on passwords or personal identification numbers (PINs). Therefore, the average user has to remember an increasing number of PINs and passwords. Unfortunately, humans have limited capabilities for remembering abstract alphanumeric sequences. Thus, many people either forget them or use very simple ones, which implies several security risks. In this work, a novel authentication method called PassShapes is presented. In this system, users authenticate themselves to a computing system by drawing simple geometric shapes constructed of an arbitrary combination of eight different strokes. We argue that using such shapes will allow more complex and thus more secure authentication tokens with a lower cognitive load and higher memorability. To prove these assumptions, two user studies have been conducted. The memorability evaluation showed that the PassShapes concept is able to increase memorability when users can practice the PassShapes several times. This effect even increases over time. Additionally, a prototype was implemented to conduct a usability study. The results of both studies indicate that the PassShapes approach is able to provide a usable and memorable authentication method.
