Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems

De Angeli, Antonella;
2005-01-01

Abstract

The weakness of knowledge-based authentication systems, such as passwords and Personal Identification Numbers (PINs), is well known, and reflects an uneasy compromise between security and human memory constraints. Research has been undertaken for some years now into the feasibility of graphical authentication mechanisms in the hope that these will provide a more secure and memorable alternative. The graphical approach substitutes the exact recall of alphanumeric codes with the recognition of previously learnt pictures, a skill at which humans are remarkably proficient. So far, little attention has been devoted to usability, and initial research has failed to conclusively establish significant memory improvement. This paper reports two user studies comparing several implementations of the graphical approach with PINs. Results demonstrate that pictures can be a solution to some problems relating to traditional knowledge-based authentication but that they are not a simple panacea, since a poor design can eliminate the picture superiority effect in memory. The paper concludes by discussing the potential of the graphical approach and providing guidelines for developers contemplating using these mechanisms.
2005
1/2
De Angeli, Antonella; L., Coventry; G., Johnson; K., Renaud
Files in this item:
File, Size, Format
Is a picture really worth a thousand words.pdf

Archive managers only

Type: Refereed author’s manuscript (post-print)
License: All rights reserved
Size: 585.56 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/85704
Citations
  • PMC ND
  • Scopus 212
  • ISI 125