Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems

A De Angeli*, L Coventry, Graham Johnson, K Renaud

*Corresponding author for this work

Research output: Contribution to journal › Article

167 Citations (Scopus)

Abstract

The weakness of knowledge-based authentication systems, such as passwords and Personal Identification Numbers (PINs), is well known, and reflects an uneasy compromise between security and human memory constraints. Research has been undertaken for some years now into the feasibility of graphical authentication mechanisms in the hope that these will provide a more secure and memorable alternative. The graphical approach substitutes the exact recall of alphanumeric codes with the recognition of previously learnt pictures, a skill at which humans are remarkably proficient. So far, little attention has been devoted to usability, and initial research has failed to conclusively establish significant memory improvement. This paper reports two user studies comparing several implementations of the graphical approach with PINs. Results demonstrate that pictures can be a solution to some problems relating to traditional knowledge-based authentication but that they are not a simple panacea, since a poor design can eliminate the picture superiority effect in memory. The paper concludes by discussing the potential of the graphical approach and providing guidelines for developers contemplating using these mechanisms.
Original language: English
Pages (from-to): 128-152
Number of pages: 25
Journal: International Journal of Human Computer Studies
Volume: 63
Issue number: 1-2
Early online date: 31 May 2005
DOI: 10.1016/j.ijhcs.2005.04.020
Publication status: Published - 1 Jul 2005
Externally published: Yes

Cite this

@article{384ced2d3cdb48cb930a312bfafc511f,
title = "Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems",
abstract = "The weakness of knowledge-based authentication systems, such as passwords and Personal Identification Numbers (PINs), is well known, and reflects an uneasy compromise between security and human memory constraints. Research has been undertaken for some years now into the feasibility of graphical authentication mechanisms in the hope that these will provide a more secure and memorable alternative. The graphical approach substitutes the exact recall of alphanumeric codes with the recognition of previously learnt pictures, a skill at which humans are remarkably proficient. So far, little attention has been devoted to usability, and initial research has failed to conclusively establish significant memory improvement. This paper reports two user studies comparing several implementations of the graphical approach with PINs. Results demonstrate that pictures can be a solution to some problems relating to traditional knowledge-based authentication but that they are not a simple panacea, since a poor design can eliminate the picture superiority effect in memory. The paper concludes by discussing the potential of the graphical approach and providing guidelines for developers contemplating using these mechanisms.",
author = "{De Angeli}, A and L Coventry and Graham Johnson and K Renaud",
year = "2005",
month = "7",
day = "1",
doi = "10.1016/j.ijhcs.2005.04.020",
language = "English",
volume = "63",
pages = "128--152",
journal = "International Journal of Human Computer Studies",
issn = "1071-5819",
publisher = "Academic Press Inc.",
number = "1-2",

}

Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. / De Angeli, A; Coventry, L; Johnson, Graham; Renaud, K.

In: International Journal of Human Computer Studies, Vol. 63, No. 1-2, 01.07.2005, p. 128-152.

TY - JOUR

T1 - Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems

AU - De Angeli, A

AU - Coventry, L

AU - Johnson, Graham

AU - Renaud, K

PY - 2005/7/1

Y1 - 2005/7/1

N2 - The weakness of knowledge-based authentication systems, such as passwords and Personal Identification Numbers (PINs), is well known, and reflects an uneasy compromise between security and human memory constraints. Research has been undertaken for some years now into the feasibility of graphical authentication mechanisms in the hope that these will provide a more secure and memorable alternative. The graphical approach substitutes the exact recall of alphanumeric codes with the recognition of previously learnt pictures, a skill at which humans are remarkably proficient. So far, little attention has been devoted to usability, and initial research has failed to conclusively establish significant memory improvement. This paper reports two user studies comparing several implementations of the graphical approach with PINs. Results demonstrate that pictures can be a solution to some problems relating to traditional knowledge-based authentication but that they are not a simple panacea, since a poor design can eliminate the picture superiority effect in memory. The paper concludes by discussing the potential of the graphical approach and providing guidelines for developers contemplating using these mechanisms.

U2 - 10.1016/j.ijhcs.2005.04.020

DO - 10.1016/j.ijhcs.2005.04.020

M3 - Article

VL - 63

SP - 128

EP - 152

JO - International Journal of Human Computer Studies

JF - International Journal of Human Computer Studies

SN - 1071-5819

IS - 1-2

ER -