Authentication using graphical passwords

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Authentication using graphical passwords: effects of tolerance and image choice

Full text

Pdf (556 KB)

Source

ACM International Conference Proceeding Series; Vol. 93 archive
Proceedings of the 2005 symposium on Usable privacy and security table of contents

Pittsburgh, Pennsylvania

Pages: 1 - 12

Year of Publication: 2005

ISBN:1-59593-178-3

Authors

Susan Wiedenbeck	Drexel University, Philadelphia, PA
Jim Waters	Drexel University, Philadelphia, PA
Jean-Camille Birget	Rutgers University, Camden, NJ
Alex Brodskiy	Polytechnic University, Brooklyn, NY
Nasir Memon	Polytechnic University, Brooklyn, NY

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 26, Downloads (12 Months): 221, Citation Count: 13

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1073001.1073002 What is a DOI?

ABSTRACT

Graphical passwords are an alternative to alphanumeric passwords in which users click on images to authenticate themselves rather than type alphanumeric strings. We have developed one such system, called PassPoints, and evaluated it with human users. The results of the evaluation were promising with respect to rmemorability of the graphical password. In this study we expand our human factors testing by studying two issues: the effect of tolerance, or margin of error, in clicking on the password points and the effect of the image used in the password system. In our tolerance study, results show that accurate memory for the password is strongly reduced when using a small tolerance (10 x 10 pixels) around the user's password points. This may occur because users fail to encode the password points in memory in the precise manner that is necessary to remember the password over a lapse of time. In our image study we compared user performance on four everyday images. The results indicate that there were few significant differences in performance of the images. This preliminary result suggests that many images may support memorability in graphical password systems.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999 [doi>10.1145/322796.322806]
	2	Bahrick, H. P. semantic memory content in permastore: Fifty years of memory for Spanish learned in school. Journal of Verbal Learning and Verbal Behavior 14 (1984), 1--24.
	3	Biederman, I., Glass, A. L. and Stacy, E. W. Searching for objects in real world scenes. Journal of Experimental Psychology 97 (1973), 22--27.
	4	Birget, J. C., Hong, d., Memon, N. Robust discretization, with application to graphical passwords. Cryptology ePrint Archive, http://eprint.iacr.org/2003/168, accessed Jan. 17, 2005.
	5	Blonder, G. E. Graphical passwords. United States Patent 5559961, (1996).
	6	Borges, M. A., Stepnowsky, M. A., and Holt, L. H. Recall and recognition of words and pictures by adults and children. Bulletin of the Psychonomic Society 9, 2 (1977), 113--114.
	7	Boroditsky, M. Passlogix Password Schemes. http://www.passlogix.com. Accessed Dec. 2, 2002.
	8	Bradley, M. M., Grenwald, M. K., Petry, M. C. and Lang, P. J. Remembering pictures: Pleasure and arousal in memory. Journal of Experimental Psychology 81, 2 (1992), 379--390.
	9	Brown, A. S., Bracken, E., Zoccoli, S. and Douglas, K. Generating and remembering passwords. Applied Cognitive Psychology 18 (2004), 641--651.
	10	Brostoff, S. and Sasse, M. A. Are Passfaces more usable than passwords: A field trial investigation. In People and Computers XIV - Usability or Else: Proceedings of HCI 2000 (Bath, U. K., Sept. 8--12, 2000). Springer Verlag, 405--424.
	11	Lynne Coventry , Antonella De Angeli , Graham Johnson, Usability and biometric verification at the ATM interface, Proceedings of the SIGCHI conference on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA [doi>10.1145/642611.642639]
	12	Davis, D. Monrose, F. and Reiter, M. K. On user choice in graphical password schemes. In Thirteenth Usenix Security Symposium (San Diego, CA, USA, Aug. 9--13, 2004). http://www.usenix.org/events/sec04/tech/davis.html, accessed: Feb. 21, 2005.
	13	De Angeli, A., Covernty, L., Cameron, D., Johnson, G. I. and Fischer, M. VIP: A visual approach to user authentication. In Proceedings of the Working Conference on Advanced Visual Interfaces (AVI 2002) (Trento, Italy, May 22--24, 2002). ACM Press, New York, NY, 316--323.
	14	Dhamija, R. and Perrig, A. Déjà Vu: User study using images for authentication. In Ninth Usenix Security Symposium (Denver, CO, USA, Aug. 14--17, 2000). http://www.usenix.org/publications/library/proceedings/sec2000/dhamija.html, accessed: Feb. 20, 2005.
	15	Dourish, P. Security as experience and practice: Supporting everyday security. Talk given at the DIMACS Workshop on Usable Privacy and Security Software, July 7, 2004.
	16	David C. Feldmeier , Philip R. Karn, UNIX Password Security - Ten Years Later, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, p.44-63, August 20-24, 1989
	17	Fitts, P. M. The information capacity of the human motor system in controlling amplitude of movement. Journal of Experimental Psychology 47 (1954), 381--391.
	18	Hollingsworth, A. and Henderson, J. S. Accurate visual memory for previously attended objects in natural scenes. Journal of Experimental Psychology -- Human Percpetion and Performance 28 (2002), 113--136.
	19	Anil Jain , Lin Hong , Sharath Pankanti, Biometric identification, Communications of the ACM, v.43 n.2, p.90-98, Feb. 2000 [doi>10.1145/328236.328110]
	20	Klein, D. A survey of, and improvement to, password security. In UNIX Security Workshop II Proceedings, Tenth Usenix Security Symposium (Portland, OR, USA, Aug. 27--28, 1990), 83--86.
	21	Mandler, J. M. and Ritchey, G. H. Long-term memory for pictures. Journal of Experimental Psychology: Human Learning and Memory 3 (1977), 386--396.
	22	Robert Morris , Ken Thompson, Password security: a case history, Communications of the ACM, v.22 n.11, p.594-597, Nov. 1979 [doi>10.1145/359168.359172]
	23	Nelson, D. L., Reed, U. S., and Walling, J. R. Picture superiority effect. Journal of Experimental Psychology: Human Learning and Memory 3 (1977), 485--497.
	24	Norman, D. A. The Design of Everyday Things. Basic Books, New York, NY, 1988.
	25	Andrew S. Patrick , A. Chris Long , Scott Flinn, HCI and security systems, CHI '03 extended abstracts on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA [doi>10.1145/765891.766146]
	26	Paivio, A., Rogers, T. B. and Smythe, P. C. Why are pictures easier to recall than words? Psychonomic Science 11, 4 (1976), 137--138.
	27	Real User Corporation. The Science Behind Passfaces. http://www.realusers.com. Accessed Dec. 2, 2002.
	28	Rundus, D. J. Analysis of rehearsal processes in free recall. Journal of Experimental Psychology 89 (1971), 63--77.
	29	M. A. Sasse , S. Brostoff , D. Weirich, Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security, BT Technology Journal, v.19 n.3, p.122-131, July 2001 [doi>10.1023/A:1011902718709]
	30	Shepard, R. N. Recognition memory for words, sentences, and pictures. Journal of Verbal Learning and Verbal Behavior 6, 156--163.
	31	Standing, , L. P. Learning 10,000 pictures. Quarterly Journal of Experimental Psychology 25, 207--222.
	32	Daphna Weinshall , Scott Kirkpatrick, Passwords you'll never forget, but can't recall, CHI '04 extended abstracts on Human factors in computing systems, April 24-29, 2004, Vienna, Austria [doi>10.1145/985921.986074]
	33	Wiedenbeck, S., Waters, J., Birget, J. C., Brodskiy, A. and Memon, N. Authentication using graphical passwords: Basic Results. Proc. Human-Computer Interaction International 2005, in press.
	34	Susan Wiedenbeck , Jim Waters , Jean-Camille Birget , Alex Brodskiy , Nasir Memon, PassPoints: design and longitudinal evaluation of a graphical password system, International Journal of Human-Computer Studies, v.63 n.1-2, p.102-127, July 2005 [doi>10.1016/j.ijhcs.2005.04.010]
	35	Wixted, T. J. The psychology and neuroscience of forgetting. Annual Review of Psychology 55 (2004), 235--26.

CITED BY 13

	Shirley Gaw , Edward W. Felten, Password management strategies for online accounts, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania
	Saranga Komanduri , Dugald R. Hutchings, Order and entropy in picture passwords, Proceedings of graphics interface 2008, May 28-30, 2008, Windsor, Ontario, Canada
	Julie Thorpe , P. C. van Oorschot, Human-seeded attacks and exploiting hot-spots in graphical passwords, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
	Archana Prasad , Indrani Medhi , Kentaro Toyama , Ravin Balakrishnan, Exploring the feasibility of video mail for illiterate users, Proceedings of the working conference on Advanced visual interfaces, May 28-30, 2008, Napoli, Italy
	Cheryl Hinds , Chinedu Ekwueme, Increasing security and usability of computer systems with graphical passwords, Proceedings of the 45th annual southeast regional conference, March 23-24, 2007, Winston-Salem, North Carolina
	Wendy Moncur , Grégory Leplâtre, Pictures at the ATM: exploring the usability of multiple graphical passwords, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA
	Sonia Chiasson , Jayakumar Srinivasan , Robert Biddle , P. C. van Oorschot, Centered discretization with application to graphical passwords (full paper), Proceedings of the 1st Conference on Usability, Psychology, and Security, p.1-9, April 14-14, 2008, San Francisco, California
	Roman V. Yampolskiy, Action-based user authentication, International Journal of Electronic Security and Digital Forensics, v.1 n.3, p.281-300, October 2008
	Sonia Chiasson , Robert Biddle , P. C. van Oorschot, A second look at the usability of click-based graphical passwords, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania
	Paul Dunphy , Jeff Yan, Do background images improve "draw a secret" graphical passwords?, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
	Paul Dourish , Ken Anderson, Collective information practice: emploring privacy and security as social and cultural phenomena, Human-Computer Interaction, v.21 n.3, p.319-342, Septemper 2006
	Eiji Hayashi , Rachna Dhamija , Nicolas Christin , Adrian Perrig, Use Your Illusion: secure authentication usable anywhere, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
	Sonia Chiasson , Alain Forget , Robert Biddle , P. C. van Oorschot, Influencing users towards better passwords: persuasive cued click-points, Proceedings of the 22nd British HCI Group Annual Conference on HCI 2008: People and Computers XXII: Culture, Creativity, Interaction, September 01-05, 2008, Liverpool, United Kingdom