Authentication Using Graphical Passwords: Basic Results

Access to computer systems is most often based on the use of alphanumeric passwords. However, users have difficulty remembering a password that is long and random-appearing. Instead, they create short, simple, and insecure passwords. Graphical passwords have been designed to try to make passwords more memorable and easier for people to use and, therefore, more secure. Using a graphical password, users click on images rather than type alphanumeric characters. We have designed a new and more secure graphical password system, called PassPoints. In this paper we describe the PassPoints system, its security characteristics, and the empirical study we carried out comparing PassPoints to alphanumeric passwords. In the empirical study participants learned either an alphanumeric or graphical password and subsequently carried out three longitudinal trials to input their passwords over a period of five weeks. The results show that the graphical group took longer and made more errors in learning the password, but that the difference was largely a consequence of just a few graphical participants who had difficulty learning to use graphical passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.
