The effect of baroque music on the PassPoints graphical password

Graphical passwords have been demonstrated to be the possible alternatives to traditional alphanumeric passwords. However, they still tend to follow predictable patterns that are easier to attack. The crux of the problem is users' memory limitations. Users are the weakest link in password authentication mechanism. It shows that baroque music has positive effects on human memorizing and learning. We introduce baroque music to the PassPoints graphical password scheme and conduct a laboratory study in this paper. Results shown that there is no statistic difference between the music group and the control group without music in short-term recall experiments, both had high recall success rates. But in long-term recall, the music group performed significantly better. We also found that the music group tended to set significantly more complicated passwords, which are usually more resistant to dictionary and other guess attacks. But compared with the control group, the music group took more time to log in both in short-term and long-term tests. Besides, it appears that background music does not work in terms of hotspots.

[1]  Nasir D. Memon,et al.  Authentication using graphical passwords: effects of tolerance and image choice , 2005, SOUPS '05.

[2]  Alain Forget,et al.  Influencing users towards better passwords: persuasive cued click-points , 2008, BCS HCI.

[3]  Antonella De Angeli,et al.  Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems , 2005, Int. J. Hum. Comput. Stud..

[4]  D. Perkins Your Memory: How It Works and How to Improve It by Kenneth L. Higbee, The Psychology of Memory by Alan D. Baddeley (review) , 2017 .

[5]  Manolya Kavakli,et al.  Game engineering approach to the effect of music on learning in virtual-immersive environments , 2006 .

[6]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[7]  U. Aickelin,et al.  The effect of baroque music on the PassPoints graphical password , 2010, CIVR '10.

[8]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[9]  Julie Thorpe,et al.  Analyzing User Choice in Graphical Passwords , 2004 .

[10]  Alain Forget,et al.  Influencing users towards better passwords: persuasive cued click-points , 2008 .

[11]  Nasir D. Memon,et al.  Modeling user choice in the PassPoints graphical password scheme , 2007, SOUPS '07.

[12]  Haichang Gao,et al.  Analysis and Evaluation of the ColorLogin Graphical Password Scheme , 2009, 2009 Fifth International Conference on Image and Graphics.

[13]  T. Wright,et al.  A Picture Memory. , 2003 .

[14]  Xiaoping Chen,et al.  YAGP: Yet Another Graphical Password Strategy , 2008, 2008 Annual Computer Security Applications Conference (ACSAC).

[15]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[16]  Daphna Weinshall,et al.  Passwords you'll never forget, but can't recall , 2004, CHI EA '04.

[17]  Robert Biddle,et al.  Graphical Password Authentication Using Cued Click Points , 2007, ESORICS.

[18]  J. Yan,et al.  Password memorability and security: empirical results , 2004, IEEE Security & Privacy Magazine.

[19]  Jeff Yan,et al.  Do background images improve "draw a secret" graphical passwords? , 2007, CCS '07.

[20]  V. S. Reed,et al.  Pictorial superiority effect. , 1976, Journal of experimental psychology. Human learning and memory.

[21]  Gordon Dryden,et al.  The learning revolution : to change the way the world learns , 1999 .

[22]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[23]  F. Rauscher,et al.  Music and spatial task performance , 1993, Nature.

[24]  Julie Thorpe,et al.  Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords , 2007, USENIX Security Symposium.

[25]  Andrew S. Patrick,et al.  HCI and security systems , 2003, CHI Extended Abstracts.

[26]  Ying Zhu,et al.  Graphical passwords: a survey , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).