A study of mnemonic image passwords

Soumyadeb Chowdhury, Ron Poet, Lewis Mackenzie

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.
Original languageEnglish
Title of host publication2014 Twelfth Annual Conference on Privacy, Security and Trust (PST)
EditorsAli Miri, Urs Hengartner, et al
DOIs
Publication statusPublished - 2014
Event12th Annual International Conference on Privacy, Security and Trust - Ryerson University, Toronto, ON, Canada
Duration: 23 Jul 201424 Jul 2014

Conference

Conference12th Annual International Conference on Privacy, Security and Trust
Abbreviated titlePST 2014
CountryCanada
CityToronto, ON
Period23/07/1424/07/14

Fingerprint

Authentication

Cite this

Chowdhury, S., Poet, R., & Mackenzie, L. (2014). A study of mnemonic image passwords. In A. Miri, U. Hengartner, & et al (Eds.), 2014 Twelfth Annual Conference on Privacy, Security and Trust (PST) https://doi.org/10.1109/PST.2014.6890941
Chowdhury, Soumyadeb ; Poet, Ron ; Mackenzie, Lewis . / A study of mnemonic image passwords. 2014 Twelfth Annual Conference on Privacy, Security and Trust (PST). editor / Ali Miri ; Urs Hengartner ; et al. 2014.
@inproceedings{e134bc73f16945218973fd8aa98ac392,
title = "A study of mnemonic image passwords",
abstract = "Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.",
author = "Soumyadeb Chowdhury and Ron Poet and Lewis Mackenzie",
year = "2014",
doi = "10.1109/PST.2014.6890941",
language = "English",
isbn = "978-1-4799-3503-1",
editor = "Ali Miri and Urs Hengartner and {et al}",
booktitle = "2014 Twelfth Annual Conference on Privacy, Security and Trust (PST)",

}

Chowdhury, S, Poet, R & Mackenzie, L 2014, A study of mnemonic image passwords. in A Miri, U Hengartner & et al (eds), 2014 Twelfth Annual Conference on Privacy, Security and Trust (PST). 12th Annual International Conference on Privacy, Security and Trust, Toronto, ON, Canada, 23/07/14. https://doi.org/10.1109/PST.2014.6890941

A study of mnemonic image passwords. / Chowdhury, Soumyadeb; Poet, Ron; Mackenzie, Lewis .

2014 Twelfth Annual Conference on Privacy, Security and Trust (PST). ed. / Ali Miri; Urs Hengartner; et al. 2014.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - A study of mnemonic image passwords

AU - Chowdhury, Soumyadeb

AU - Poet, Ron

AU - Mackenzie, Lewis

PY - 2014

Y1 - 2014

N2 - Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.

AB - Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.

UR - http://ieeexplore.ieee.org/document/6890941/

U2 - 10.1109/PST.2014.6890941

DO - 10.1109/PST.2014.6890941

M3 - Conference contribution

SN - 978-1-4799-3503-1

BT - 2014 Twelfth Annual Conference on Privacy, Security and Trust (PST)

A2 - Miri, Ali

A2 - Hengartner, Urs

A2 - et al,

ER -

Chowdhury S, Poet R, Mackenzie L. A study of mnemonic image passwords. In Miri A, Hengartner U, et al, editors, 2014 Twelfth Annual Conference on Privacy, Security and Trust (PST). 2014 https://doi.org/10.1109/PST.2014.6890941