Graphical User Authentication: A Comparative Evaluation of Composite Scene Authentication vs. Three Competing Graphical Passcode Systems

Previous studies (Johnson & Werner, 2006; 2007) have shown that Composite Scene Authentication (CSA) passcodes are more memorable than alphanumeric passwords over extended retention intervals. This study evaluated the memorability of six types of graphical passcodes of varying complexity (including three variants of CSA passcodes) over thirty-minute and one-week retention intervals. The graphical passcodes were compared to one another, as well as to an alphanumeric password of equivalent bit length. A strong overall advantage in information retained was found for graphical passcodes (M = 92.83%) compared to alphanumeric passwords (M = 75.47%). In addition, CSA passcodes were remembered better (M = 97.1 %) than other graphical passcodes (M = 88.56%). An even larger difference was observed for percent successful logins for CSA passcodes (M = 84.23%) compared to other graphical passcodes (M= 56.39%) after the one-week retention interval. The variable bit lengths of the passcodes did not affect percent information retained.

[1]  O. Henry,et al.  A Ramble in Aphasia , 1905 .

[2]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[3]  Timothy D. Wilson,et al.  The halo effect: Evidence for unconscious alteration of judgments. , 1977 .

[4]  L. Standing Learning 10000 pictures , 1973 .

[5]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[6]  Antonella De Angeli,et al.  Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems , 2005, Int. J. Hum. Comput. Stud..

[7]  Korey Johnson,et al.  Using Composite Scene Authentication (Csa) as a Graphical Alternative to Alphanumeric Password Systems , 2006 .

[8]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[9]  L. Standing Learning 10,000 pictures. , 1973, The Quarterly journal of experimental psychology.

[10]  Steffen Werner,et al.  Memorability of Alphanumeric and Composite Scene Authentication (CSA) Passcodes Over Extended Retention Intervals , 2007 .

[11]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[12]  Antonella De Angeli,et al.  My password is here! An investigation into visuo-spatial authentication mechanisms , 2004, Interact. Comput..

[13]  M. Angela Sasse,et al.  Making Passwords Secure and Usable , 1997, BCS HCI.