A study of mnemonic image passwords

Soumyadeb Chowdhury; Ron Poet; Lewis  Mackenzie

doi:10.1109/PST.2014.6890941

A study of mnemonic image passwords

Soumyadeb Chowdhury, Ron Poet, Lewis Mackenzie

Aston Business School

Research output: Chapter in Book/Published conference output › Conference publication

Abstract

Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.

Original language	English
Title of host publication	2014 Twelfth Annual Conference on Privacy, Security and Trust (PST)
Editors	Ali Miri, Urs Hengartner, et al
DOIs	https://doi.org/10.1109/PST.2014.6890941
Publication status	Published - 2014
Event	12th Annual International Conference on Privacy, Security and Trust - Ryerson University, Toronto, ON, Canada Duration: 23 Jul 2014 → 24 Jul 2014

Conference

Conference	12th Annual International Conference on Privacy, Security and Trust
Abbreviated title	PST 2014
Country/Territory	Canada
City	Toronto, ON
Period	23/07/14 → 24/07/14

Access to Document

10.1109/PST.2014.6890941

Cite this

@inproceedings{e134bc73f16945218973fd8aa98ac392,

title = "A study of mnemonic image passwords",

abstract = "Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.",

author = "Soumyadeb Chowdhury and Ron Poet and Lewis Mackenzie",

year = "2014",

doi = "10.1109/PST.2014.6890941",

language = "English",

isbn = "978-1-4799-3503-1",

editor = "Ali Miri and Urs Hengartner and {et al}",

booktitle = "2014 Twelfth Annual Conference on Privacy, Security and Trust (PST)",

note = "12th Annual International Conference on Privacy, Security and Trust, PST 2014 ; Conference date: 23-07-2014 Through 24-07-2014",

}

TY - GEN

T1 - A study of mnemonic image passwords

AU - Chowdhury, Soumyadeb

AU - Poet, Ron

AU - Mackenzie, Lewis

PY - 2014

Y1 - 2014

N2 - Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.

AB - Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.

UR - http://ieeexplore.ieee.org/document/6890941/

U2 - 10.1109/PST.2014.6890941

DO - 10.1109/PST.2014.6890941

M3 - Conference publication

SN - 978-1-4799-3503-1

BT - 2014 Twelfth Annual Conference on Privacy, Security and Trust (PST)

A2 - Miri, Ali

A2 - Hengartner, Urs

A2 - et al,

T2 - 12th Annual International Conference on Privacy, Security and Trust

Y2 - 23 July 2014 through 24 July 2014

ER -

A study of mnemonic image passwords

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this