Passhint: memorable and secure authentication

Soumyadeb Chowdhury, Ron Poet, Lewis Mackenzie

Research output: Chapter in Book/Published conference outputConference publication


People find it difficult to remember multiple alphanumeric as well as graphical passwords. We propose a Passhint authentication system (PHAS), where the users have to choose four images and create hints for each one of them in order to register a new password. During authentication, they have to recognize only the target images, which are displayed with their corresponding hints, among collections of 15 decoy images, in a four step process. A usability study was conducted with 40 subjects. They created 1 Mikon, 1 doodle, 1 art and 1 object password and then recalled each password after a period of two weeks (without any practice sessions). The results demonstrated that the memorability of multiple passwords in PHAS is better than in existing Graphical authentication systems (GASs). Although the registration time is high, authentication time for successful attempts is either equivalent to or less than the time reported for previous GASs. A guessability study conducted with the same subjects revealed that art passwords are the least guessable, followed by Mikon, doodle and objects in that order. The results strongly suggest the use of art passwords in PHAS, which would offer usable as well as secure authentication. The preliminary results indicate that PHAS has solved the memorability problem with multiple passwords. We propose two new features that could enhance the security offered by PHAS, but the usability of these features would need to be tested before they could be adopted in practice.
Original languageEnglish
Title of host publicationCHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Place of PublicationNew York, NY (US)
Number of pages10
ISBN (Print)978-1-4503-2473-1
Publication statusPublished - 2014
EventSIGCHI Conference on Human Factors in Computing Systems, CHI 2014 - Toronto, ON, Canada
Duration: 26 Apr 20141 May 2014


ConferenceSIGCHI Conference on Human Factors in Computing Systems, CHI 2014
CityToronto, ON


Dive into the research topics of 'Passhint: memorable and secure authentication'. Together they form a unique fingerprint.

Cite this