Passhint: memorable and secure authentication

Soumyadeb Chowdhury, Ron Poet, Lewis Mackenzie

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

People find it difficult to remember multiple alphanumeric as well as graphical passwords. We propose a Passhint authentication system (PHAS), where the users have to choose four images and create hints for each one of them in order to register a new password. During authentication, they have to recognize only the target images, which are displayed with their corresponding hints, among collections of 15 decoy images, in a four step process. A usability study was conducted with 40 subjects. They created 1 Mikon, 1 doodle, 1 art and 1 object password and then recalled each password after a period of two weeks (without any practice sessions). The results demonstrated that the memorability of multiple passwords in PHAS is better than in existing Graphical authentication systems (GASs). Although the registration time is high, authentication time for successful attempts is either equivalent to or less than the time reported for previous GASs. A guessability study conducted with the same subjects revealed that art passwords are the least guessable, followed by Mikon, doodle and objects in that order. The results strongly suggest the use of art passwords in PHAS, which would offer usable as well as secure authentication. The preliminary results indicate that PHAS has solved the memorability problem with multiple passwords. We propose two new features that could enhance the security offered by PHAS, but the usability of these features would need to be tested before they could be adopted in practice.
Original language: English
Title of host publication: CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Place of Publication: New York, NY (US)
Publisher: ACM
Pages: 2917-2926
Number of pages: 10
ISBN (Print): 978-1-4503-2473-1
DOIs: https://doi.org/10.1145/2556288.2557153
Publication status: Published - 2014
Event: SIGCHI Conference on Human Factors in Computing Systems, CHI 2014 - Toronto, ON, Canada
Duration: 26 Apr 2014 → 1 May 2014

Conference

Conference: SIGCHI Conference on Human Factors in Computing Systems, CHI 2014
Country: Canada
City: Toronto, ON
Period: 26/04/14 → 1/05/14

Fingerprint

Authentication

Cite this

Chowdhury, S., Poet, R., & Mackenzie, L. (2014). Passhint: memorable and secure authentication. In CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 2917-2926). New York, NY (US): ACM. https://doi.org/10.1145/2556288.2557153
@inproceedings{da1a19f718794873bdb4c9cb96a39ae8,
title = "Passhint: memorable and secure authentication",
abstract = "People find it difficult to remember multiple alphanumeric as well as graphical passwords. We propose a Passhint authentication system (PHAS), where the users have to choose four images and create hints for each one of them in order to register a new password. During authentication, they have to recognize only the target images, which are displayed with their corresponding hints, among collections of 15 decoy images, in a four step process. A usability study was conducted with 40 subjects. They created 1 Mikon, 1 doodle, 1 art and 1 object password and then recalled each password after a period of two weeks (without any practice sessions). The results demonstrated that the memorability of multiple passwords in PHAS is better than in existing Graphical authentication systems (GASs). Although the registration time is high, authentication time for successful attempts is either equivalent to or less than the time reported for previous GASs. A guessability study conducted with the same subjects revealed that art passwords are the least guessable, followed by Mikon, doodle and objects in that order. The results strongly suggest the use of art passwords in PHAS, which would offer usable as well as secure authentication. The preliminary results indicate that PHAS has solved the memorability problem with multiple passwords. We propose two new features that could enhance the security offered by PHAS, but the usability of these features would need to be tested before they could be adopted in practice.",
author = "Soumyadeb Chowdhury and Ron Poet and Lewis Mackenzie",
year = "2014",
doi = "10.1145/2556288.2557153",
language = "English",
isbn = "978-1-4503-2473-1",
pages = "2917--2926",
booktitle = "CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems",
publisher = "ACM",
address = "United States",

}
