Are Passfaces More Usable Than Passwords? A Field Trial Investigation

The proliferation of technology requiring user authentication has increased the number of passwords which users have to remember, creating a significant usability problem. This paper reports a usability comparison between a new mechanism for user authentication — Passfaces — and passwords, with 34 student participants in a 3-month field trial. Fewer login errors were made with Passfaces, even when periods between logins were long. On the computer facilities regularly chosen by participants to log in, Passfaces took a long time to execute. Participants consequently started their work later when using Passfaces than when using passwords, and logged into the system less often. The results emphasise the importance of evaluating the usability of security mechanisms in field trials.
