Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems