To gain access to computer systems, users are required to be authenticated. This is usually accomplished by having the user enter an alphanumeric username and password. Users are usually required to remember multiple passwords for different systems, which poses problems of usability, memorability and security. Passwords are usually difficult to remember, and users have developed their own methods, some of which are not secure, for selecting passwords that are easy to remember.
In this research we developed a secure and usable password system that addresses the memorability problem. In our system, users are required to remember three cartoon images, which we demonstrate are easier to recall than a typical secure text password. The system is shown to be secure based on the probability of guessing a password, the likelihood of an observer "shoulder surfing" the password, and the difficulty of launching a brute-force attack against a graphical image system.
Our work demonstrates that security and usability can be achieved simultaneously. It lays the foundation for developing a class of similar password systems, differing only in the degree of security required. Our password system, with its low memory requirements, can be used in a wide array of applications.