论文信息 - Using personal photos as pictorial passwords

Using personal photos as pictorial passwords

Pictorial passwords, where the user recognizes "target" images among "distractors", appear to have potential for improving the usability of authentication systems. We conducted three exploratory studies on the use of personal photos for authentication over a three-month period. Participants provided 8-20 photos of personal significance to them but which they believed others would not recognize. They also chose four photos to remember from a set of stock photos. Recognition accuracy for the personal photos was significantly higher than the stock photos. We also manipulated the number of target and distractor photos as well as their similarity, and we tested how well others who know the users could guess their photos. Larger numbers of distractors and greater similarity to the targets made it harder for others to guess the correct photos, while having no impact on the user's own recognition accuracy.

Thomas S. Tullis | Donna P. Tedesco | T. Tullis | D. Tedesco

[1] Rachna Dhamija,et al. Hash visualization in user authentication , 2000, CHI Extended Abstracts.

[2] Michael K. Reiter,et al. On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[3] Daphna Weinshall,et al. Passwords you'll never forget, but can't recall , 2004, CHI EA '04.

[4] Vibha Sazawal,et al. Doodling our way to better authentication , 2002, CHI Extended Abstracts.

[5] R. Haber,et al. Perception and memory for pictures: Single-trial learning of 2500 visual stimuli , 1970 .

[6] Jerome H. Saltzer,et al. Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[7] Antonella De Angeli,et al. Usability and biometric verification at the ATM interface , 2003, CHI '03.

[8] Daniel Klein,et al. Foiling the cracker: A survey of, and improvements to, password security , 1992 .

[9] R. Shepard. Recognition memory for words, sentences, and pictures , 1967 .