The Memory Palace: Exploring Visual-Spatial Paths for Strong, Memorable, Infrequent Authentication

Many accounts and devices require only infrequent authentication by an individual, and thus authentication secrets should be both secure and memorable without much reinforcement. Inspired by people's strong visual-spatial memory, we introduce a novel system to help address this problem: the Memory Palace. The Memory Palace encodes authentication secrets as paths through a 3D virtual labyrinth navigated in the first-person perspective. We ran two experiments to iteratively design and evaluate the Memory Palace. In the first, we found that visual-spatial secrets are most memorable if navigated in a 3D first-person perspective. In the second, we comparatively evaluated the Memory Palace against Android's 9-dot pattern lock along three dimensions: memorability after one week, resilience to shoulder surfing, and speed. We found that relative to 9-dot, complexity-controlled secrets in the Memory Palace were significantly more memorable after one week, were much harder to break through shoulder surfing, and were not significantly slower to enter.
