Memorability of Alphanumeric and Composite Scene Authentication (CSA) Passcodes Over Extended Retention Intervals

Current authentication strategies seek to increase security by requiring users to create more secure alphanumeric passwords. Unfortunately, the inverse relationship between alphanumeric password security and memorability prevents users from creating a password that is both secure and memorable. Graphical user authentication mechanisms have been explored as a means to maintain security while enhancing the memorability of passcodes. Current approaches often use unrelated picture sets from which participants have to remember a subset, with mixed results. The study outlined in this paper seeks to further validate the Composite Scene Authentication (CSA) graphical passcode mechanism (Johnson & Werner, 2006). Extending retention intervals and increasing the variability of stimuli clearly demonstrated the superiority of CSA over alphanumerical passwords. In addition, we manipulated the mode of presentation (serial vs. composite) to assess the memorability of stimuli presented in different temporal formats. In the current study, CSA passcodes consisting of nine categorical dimensions were compared to nine-character alphanumeric passwords. Participants showed a strong advantage in passcode retention for graphical passcodes in both modes of presentation. This effect grew larger with increasing retention intervals. At the longest retention interval (6 weeks), only 10 (12%) participants were able to produce their alphanumerical password vs. 50 (60%) participants who were still able to produce the correct graphical passcode.

[1]  L. Standing. Learning 10,000 pictures, 1973, The Quarterly journal of experimental psychology.

[2]  Fred J. Damerau, et al. A technique for computer detection and correction of spelling errors, 1964, CACM.

[3]  J. O'Regan, et al. Solving the "real" mysteries of visual perception: the world as an outside memory, 1992, Canadian journal of psychology.

[4]  M. Potter, et al. Recognition memory for briefly presented pictures: the time course of rapid forgetting, 2002, Journal of experimental psychology. Human perception and performance.

[5]  Antonella De Angeli, et al. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems, 2005, Int. J. Hum. Comput. Stud.

[6]  O. Henry, et al. A Ramble in Aphasia, 1905.

[7]  Korey Johnson, et al. Using Composite Scene Authentication (CSA) as a Graphical Alternative to Alphanumeric Password Systems, 2006.

[8]  M. Angela Sasse, et al. Users are not the enemy, 1999, CACM.

[9]  Adrian Perrig, et al. Déjà Vu: A User Study Using Images for Authentication, 2000.

[10]  L. Standing. Learning 10000 pictures, 1973.

[11]  Michael K. Reiter, et al. The Design and Analysis of Graphical Passwords, 1999, USENIX Security Symposium.

[12]  M. Angela Sasse, et al. Making Passwords Secure and Usable, 1997, BCS HCI.

[13]  Antonella De Angeli, et al. My password is here! An investigation into visuo-spatial authentication mechanisms, 2004, Interact. Comput.

[14]  I. Biederman, et al. On the information extracted from a glance at a scene, 1974, Journal of experimental psychology.

[15]  J. Henderson, et al. Does consistent scene context facilitate object perception?, 1998, Journal of experimental psychology. General.

[16]  J. Henderson, et al. Accurate visual memory for previously attended objects in natural scenes, 2002.