Pictures at the ATM

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Pictures at the ATM: exploring the usability of multiple graphical passwords

Full text

Pdf (1.64 MB)

Source

Conference on Human Factors in Computing Systems archive
Proceedings of the SIGCHI conference on Human factors in computing systems table of contents

San Jose, California, USA

SESSION: Security table of contents

Pages: 887 - 894

Year of Publication: 2007

ISBN:978-1-59593-593-9

Authors

Wendy Moncur	Aberdeen University, Aberdeen, United Kingdom
Grégory Leplâtre	Napier University, Edinburgh, United Kingdom

Sponsors

ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 37, Downloads (12 Months): 245, Citation Count: 9

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1240624.1240758 What is a DOI?

ABSTRACT

Users gain access to cash, confidential information and services at Automated Teller Machines (ATMs) via an authentication process involving a Personal Identification Number (PIN). These users frequently have many different PINs, and fail to remember them without recourse to insecure behaviours. This is not a failing of users. It is a usability failing in the ATM authentication mechanism. This paper describes research executed to evaluate whether users find multiple graphical passwords more memorable than multiple PINs. The research also investigates the success of two memory augmentation strategies in increasing memorability of graphical passwords. The results demonstrate that multiple graphical passwords are substantially more effective than multiple PIN numbers. Memorability is further improved by the use of mnemonics to aid their recall.This study will be of interest to HCI practitioners and information security researchers exploring approaches to usable security.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999 [doi>10.1145/322796.322806]
	2	Brostoff, S., & Sasse, M. A. (2000). Are passfaces more usable than passwords? A field trial investigation. In Proc. HCI 2000.
	3	Brown, SC. & Park, D.C. (2003) Theoretical models of cognitive aging and implications for translational research in medicine. Gerontologist, 43(1), 57--67.
	4	Lynne Coventry , Antonella De Angeli , Graham Johnson, Usability and biometric verification at the ATM interface, Proceedings of the SIGCHI conference on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA [doi>10.1145/642611.642639]
	5	Antonella De Angeli , Lynne Coventry , Graham Johnson , Karen Renaud, Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems, International Journal of Human-Computer Studies, v.63 n.1-2, p.128-152, July 2005 [doi>10.1016/j.ijhcs.2005.04.020]
	6	Rachna Dhamija , Adrian Perrig, Déjà Vu: a user study using images for authentication, Proceedings of the 9th conference on USENIX Security Symposium, p.4-4, August 14-17, 2000, Denver, Colorado
	7	Frøkjær, E. & Hornbææk, K. (2002). Metaphors of Human Thinking in HCI: Habit, Stream of Thought, Awareness, Utterance, and Knowing. In Proc. HF2002/OzCHI 2002.
	8	Joseph Goldberg , Jennifer Hagman , Vibha Sazawal, Doodling our way to better authentication, CHI '02 extended abstracts on Human factors in computing systems, April 20-25, 2002, Minneapolis, Minnesota, USA [doi>10.1145/506443.506639]
	9	Jonathan Grudin, The case against user interface consistency, Communications of the ACM, v.32 n.10, p.1164-1173, Oct. 1989 [doi>10.1145/67933.67934]
	10	Ian Jermyn , Alain Mayer , Fabian Monrose , Michael K. Reiter , Aviel D. Rubin, The design and analysis of graphical passwords, Proceedings of the 8th conference on USENIX Security Symposium, p.1-1, August 23-26, 1999, Washington, D.C.
	11	Andrew S. Patrick , A. Chris Long , Scott Flinn, HCI and security systems, CHI '03 extended abstracts on Human factors in computing systems, April 05-10, 2003, Ft. Lauderdale, Florida, USA [doi>10.1145/765891.766146]
	12	Renaud, K., & De Angeli, A. (2004). My password is here! An investigation into visuo-spatial authentication mechanisms. Interacting with computers, 16(2004), 1017--1041.
	13	Renaud, K., & Smith, E. (2001). Jiminy: helping users to remember their passwords. In Proc. SAICSIT Annual Conference.
	14	M. A. Sasse , S. Brostoff , D. Weirich, Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security, BT Technology Journal, v.19 n.3, p.122-131, July 2001 [doi>10.1023/A:1011902718709]
	15	D. K. Smetters , R. E. Grinter, Moving from the design of usable security technologies to the design of useful secure applications, Proceedings of the 2002 workshop on New security paradigms, September 23-26, 2002, Virginia Beach, Virginia [doi>10.1145/844102.844117]
	16	Xiaoyuan Suo , Ying Zhu , G. Scott. Owen, Graphical Passwords: A Survey, Proceedings of the 21st Annual Computer Security Applications Conference, p.463-472, December 05-09, 2005 [doi>10.1109/CSAC.2005.27]
	17	Thomas S. Tullis , Donna P. Tedesco, Using personal photos as pictorial passwords, CHI '05 extended abstracts on Human factors in computing systems, April 02-07, 2005, Portland, OR, USA [doi>10.1145/1056808.1057036]
	18	Daphna Weinshall , Scott Kirkpatrick, Passwords you'll never forget, but can't recall, CHI '04 extended abstracts on Human factors in computing systems, April 24-29, 2004, Vienna, Austria [doi>10.1145/985921.986074]
	19	Susan Wiedenbeck , Jim Waters , Jean-Camille Birget , Alex Brodskiy , Nasir Memon, Authentication using graphical passwords: effects of tolerance and image choice, Proceedings of the 2005 symposium on Usable privacy and security, p.1-12, July 06-08, 2005, Pittsburgh, Pennsylvania [doi>10.1145/1073001.1073002]
	20	Susan Wiedenbeck , Jim Waters , Jean-Camille Birget , Alex Brodskiy , Nasir Memon, PassPoints: design and longitudinal evaluation of a graphical password system, International Journal of Human-Computer Studies, v.63 n.1-2, p.102-127, July 2005 [doi>10.1016/j.ijhcs.2005.04.010]
	21	Yan, J., Blackwell, A., Anderson, R., & Grant, A. (2001). The memorability and security of passwords -- Some empirical results. (Technical report No. 500). Cambridge: Cambridge University Computer Laboratory.

CITED BY 9

	Alexander De Luca , Roman Weiss , Heiko Drewes, Evaluation of eye-gaze interaction methods for security enhanced PIN-entry, Proceedings of the 2007 conference of the computer-human interaction special interest group (CHISIG) of Australia on Computer-human interaction: design: activities, artifacts and environments, November 28-30, 2007, Adelaide, Australia
	Alexander De Luca , Roman Weiss , Heinrich Hußmann , Xueli An, Eyepass - eye-stroke authentication for public terminals, CHI '08 extended abstracts on Human factors in computing systems, April 05-10, 2008, Florence, Italy
	Hirokazu Sasamoto , Nicolas Christin , Eiji Hayashi, Undercover: authentication usable in front of prying eyes, Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, April 05-10, 2008, Florence, Italy
	Eiji Hayashi , Rachna Dhamija , Nicolas Christin , Adrian Perrig, Use Your Illusion: secure authentication usable anywhere, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania
	Alexander De Luca , Bernhard Frauendienst, A privacy-respectful input method for public terminals, Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges, October 20-22, 2008, Lund, Sweden
	Alexander De Luca , Martin Denzel , Heinrich Hussmann, Look into my eyes!: can you guess my password?, Proceedings of the 5th Symposium on Usable Privacy and Security, July 15-17, 2009, Mountain View, California
	K. V. Renaud, Guidelines for designing graphical authentication mechanism interfaces, International Journal of Information and Computer Security, v.3 n.1, p.60-85, June 2009
	Katherine M. Everitt , Tanya Bragin , James Fogarty , Tadayoshi Kohno, A comprehensive study of frequency, interference, and training of multiple graphical passwords, Proceedings of the 27th international conference on Human factors in computing systems, April 04-09, 2009, Boston, MA, USA
	Ronald Kainda , Ivan Flechais , A. W. Roscoe, Usability and security of out-of-band channels in secure device pairing protocols, Proceedings of the 5th Symposium on Usable Privacy and Security, July 15-17, 2009, Mountain View, California