Pictorial passwords, where the user recognizes "target" images among "distractors", appear to have potential for improving the usability of authentication systems. We conducted three exploratory studies on the use of personal photos for authentication over a three-month period. Participants provided 8-20 photos of personal significance to them but which they believed others would not recognize. They also chose four photos to remember from a set of stock photos. Recognition accuracy for the personal photos was significantly higher than the stock photos. We also manipulated the number of target and distractor photos as well as their similarity, and we tested how well others who know the users could guess their photos. Larger numbers of distractors and greater similarity to the targets made it harder for others to guess the correct photos, while having no impact on the user's own recognition accuracy.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Lynne Coventry , Antonella De Angeli , Graham Johnson, Usability and biometric verification at the ATM interface, Proceedings of the SIGCHI conference on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA  [doi>10.1145/642611.642639]
	2	Davis, D., Monrose, F., and Reitner, M. On User Choice in Graphical Password Schemes. Proc. 13th USENIX Security Symposium, USENIX Assoc. (2004), 1--14.
	3	Rachna Dhamija, Hash visualization in user authentication, CHI '00 extended abstracts on Human factors in computing systems, April 01-06, 2000, The Hague, The Netherlands  [doi>10.1145/633292.633455]
	4	Joseph Goldberg , Jennifer Hagman , Vibha Sazawal, Doodling our way to better authentication, CHI '02 extended abstracts on Human factors in computing systems, April 20-25, 2002, Minneapolis, Minnesota, USA  [doi>10.1145/506443.506639]
	5	Gong, L., Lomas, M.A., Needham, R.M., and Saltzer, J.H. Protecting Poorly Chosen Secrets from Guessing Attacks. IEEE Journal on Selected Areas in Communications, 11, 5 (1993), 648--656.
	6	Klein, D. "Foiling the Cracker": A Survey of, and Improvements to, Password Security. Proc. 2nd USENIX Workshop on Security (1990), 1--11.
	7	Pictures as Passwords. The Economist, Sept. 16, 2004. http://www.economist.com/science/tq/displayStory.cfm?story_id=3171359
	8	Real User Technology and Products (2004). Passfaces-System, http://www.realuser.com/published/RealUserTechnologyAndProducts.pdf
	9	Shepard, R.N. Recognition Memory for Words, Sentences, and Pictures. Journal Verb Learn Verb Behav 6 (1967), 156--163.
	10	Standing, L., Conezio, J., and Haber, R.N. Perception and Memory for Pictures: Single-trial learning of 2500 visual stimuli. Psychonomic Science, 19, 2 (1970), 73--74.
	11	Daphna Weinshall , Scott Kirkpatrick, Passwords you'll never forget, but can't recall, CHI '04 extended abstracts on Human factors in computing systems, April 24-29, 2004, Vienna, Austria  [doi>10.1145/985921.986074]