Graphical password systems have received significant attention as one potential solution to the need for more usable authentication, but nearly all prior work makes the unrealistic assumption of studying a single password. This paper presents the first study of multiple graphical passwords to systematically examine frequency of access to a graphical password, interference resulting from interleaving access to multiple graphical passwords, and patterns of access while training multiple graphical passwords. We find that all of these factors significantly impact the ease of authenticating using multiple facial graphical passwords. For example, participants who accessed four different graphical passwords per week were ten times more likely to completely fail to authenticate than participants who accessed a single password once per week. Our results underscore the need for more realistic evaluations of the use of multiple graphical passwords, have a number of implications for the adoption of graphical password systems, and provide a new basis for comparing proposed graphical password systems.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999  [doi>10.1145/322796.322806]
	2	Anne Adams , Martina Angela Sasse , Peter Lunt, Making Passwords Secure and Usable, Proceedings of HCI on People and Computers XII, p.1-19, January 1997
	3	BBC News. UN warns on password 'explosion'. http://news.bbc.co.uk/2/hi/technology/6199372.stm.
	4	Brostoff, S. and Sasse, M.A. Are PassfacesTM more usable than passwords? A field trial investigation. Proceedings of HCI on People and Computers XIV, (HCI 2000), 405--424.
	5	Sonia Chiasson , Robert Biddle , P. C. van Oorschot, A second look at the usability of click-based graphical passwords, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania  [doi>10.1145/1280680.1280682]
	6	Darren Davis , Fabian Monrose , Michael K. Reiter, On user choice in graphical password schemes, Proceedings of the 13th conference on USENIX Security Symposium, p.11-11, August 09-13, 2004, San Diego, CA
	7	Antonella De Angeli , Lynne Coventry , Graham Johnson , Karen Renaud, Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems, International Journal of Human-Computer Studies, v.63 n.1-2, p.128-152, July 2005  [doi>10.1016/j.ijhcs.2005.04.020]
	8	Rachna Dhamija , Adrian Perrig, Déjà Vu: a user study using images for authentication, Proceedings of the 9th conference on USENIX Security Symposium, p.4-4, August 14-17, 2000, Denver, Colorado
	9	Paul Dunphy , James Nicholson , Patrick Olivier, Securing passfaces for description, Proceedings of the 4th symposium on Usable privacy and security, July 23-25, 2008, Pittsburgh, Pennsylvania  [doi>10.1145/1408664.1408668]
	10	Ensor, B. How Consumers Remember Passwords. Forrester Research Report, June 2, 2004.
	11	The Face of Tomorrow Face Dataset. http://www.flickr.com/photos/istanbulmike/sets/72157594201837268/.
	12	Dinei Florencio , Cormac Herley, A large-scale study of web password habits, Proceedings of the 16th international conference on World Wide Web, May 08-12, 2007, Banff, Alberta, Canada  [doi>10.1145/1242572.1242661]
	13	Shirley Gaw , Edward W. Felten, Password management strategies for online accounts, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania  [doi>10.1145/1143120.1143127]
	14	Blake Ives , Kenneth R. Walsh , Helmut Schneider, The domino effect of password reuse, Communications of the ACM, v.47 n.4, p.75-78, April 2004  [doi>10.1145/975817.975820]
	15	Wendy Moncur , Grégory Leplâtre, Pictures at the ATM: exploring the usability of multiple graphical passwords, Proceedings of the SIGCHI conference on Human factors in computing systems, April 28-May 03, 2007, San Jose, California, USA  [doi>10.1145/1240624.1240758]
	16	Robert Morris , Ken Thompson, Password security: a case history, Communications of the ACM, v.22 n.11, p.594-597, Nov. 1979  [doi>10.1145/359168.359172]
	17	PassfacesTM. http://www.realuser.com/
	18	Rock, I.,&Engelstein, P. (1959). A study of memory for visual form. American Journal of Psychology (1959), 72, 221--229.
	19	Standing, L. Learning 10,000 pictures. Quarterly Journal of Experimental Psychology 25 (1973), 207--222.
	20	Furkan Tari , A. Ant Ozok , Stephen H. Holden, A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania  [doi>10.1145/1143120.1143128]
	21	Valentine, T. An evaluation of the PassfacesTM personal authentication system. Goldsmiths College Technical Report, 1998.
	22	Valentine, T. Memory for PassfacesTM after a long delay. Goldsmiths College Technical Report, 1999.
	23	Susan Wiedenbeck , Jim Waters , Jean-Camille Birget , Alex Brodskiy , Nasir Memon, PassPoints: design and longitudinal evaluation of a graphical password system, International Journal of Human-Computer Studies, v.63 n.1-2, p.102-127, July 2005  [doi>10.1016/j.ijhcs.2005.04.010]