Authentication using graphical passwords: effects of tolerance and image choice

Graphical passwords are an alternative to alphanumeric passwords in which users click on images to authenticate themselves rather than type alphanumeric strings. We have developed one such system, called PassPoints, and evaluated it with human users. The results of the evaluation were promising with respect to rmemorability of the graphical password. In this study we expand our human factors testing by studying two issues: the effect of tolerance, or margin of error, in clicking on the password points and the effect of the image used in the password system. In our tolerance study, results show that accurate memory for the password is strongly reduced when using a small tolerance (10 x 10 pixels) around the user's password points. This may occur because users fail to encode the password points in memory in the precise manner that is necessary to remember the password over a lapse of time. In our image study we compared user performance on four everyday images. The results indicate that there were few significant differences in performance of the images. This preliminary result suggests that many images may support memorability in graphical password systems.

[1]  M. A. Borges,et al.  Recall and recognition of words and pictures by adults and children , 1977 .

[2]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[3]  J. Henderson,et al.  Accurate visual memory for previously attended objects in natural scenes , 2002 .

[4]  P. Fitts The information capacity of the human motor system in controlling the amplitude of movement. , 1954, Journal of experimental psychology.

[5]  Antonella De Angeli,et al.  Usability and biometric verification at the ATM interface , 2003, CHI '03.

[6]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[7]  L. Standing Learning 10000 pictures , 1973 .

[8]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[9]  Sacha Brostoff,et al.  Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .

[10]  D. Rundus Analysis of rehearsal processes in free recall. , 1971 .

[11]  Andrew S. Patrick,et al.  HCI and security systems , 2003, CHI Extended Abstracts.

[12]  A. Paivio,et al.  Why are pictures easier to recall than words? , 1968 .

[13]  H. P. Bahrick Semantic memory content in permastore: fifty years of memory for Spanish learned in school. , 1984, Journal of experimental psychology. General.

[14]  David C. Feldmeier,et al.  UNIX Password Security - Ten Years Later , 1989, CRYPTO.

[15]  J. Wixted The psychology and neuroscience of forgetting. , 2004, Annual review of psychology.

[16]  Susan Wiedenbeck,et al.  PassPoints : Design and Evaluation of a Graphical Password System , 2005 .

[17]  Alan S. Brown,et al.  Generating and remembering passwords , 2004 .

[18]  L. Standing Learning 10,000 pictures. , 1973, The Quarterly journal of experimental psychology.

[19]  Sharath Pankanti,et al.  BIOMETRIC IDENTIFICATION , 2000 .

[20]  Colin Potts,et al.  Design of Everyday Things , 1988 .

[21]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[22]  M. Bradley,et al.  Remembering pictures: pleasure and arousal in memory. , 1992, Journal of experimental psychology. Learning, memory, and cognition.

[23]  M. Angela Sasse,et al.  Are Passfaces More Usable Than Passwords? A Field Trial Investigation , 2000, BCS HCI.

[24]  Antonella De Angeli,et al.  VIP: a visual approach to user authentication , 2002, AVI '02.

[25]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[26]  Susan Wiedenbeck,et al.  Authentication Using Graphical Passwords: Basic Results , 2005 .

[27]  J. Henderson,et al.  Accurate visual memory for previously attended objects in natural scenes , 2002 .

[28]  R. Shepard Recognition memory for words, sentences, and pictures , 1967 .

[29]  V. S. Reed,et al.  Pictorial superiority effect. , 1976, Journal of experimental psychology. Human learning and memory.

[30]  I. Biederman,et al.  Searching for objects in real-world scences. , 1973, Journal of experimental psychology.

[31]  Nasir D. Memon,et al.  Robust discretization, with an application to graphical passwords , 2003, IACR Cryptol. ePrint Arch..

[32]  G. Ritchey,et al.  Long-Term Memory for Pictures , 2005 .

[33]  Daphna Weinshall,et al.  Passwords you'll never forget, but can't recall , 2004, CHI EA '04.