Passhint: memorable and secure authentication

People find it difficult to remember multiple alphanumeric as well as graphical passwords. We propose a Passhint authentication system (PHAS), where the users have to choose four images and create hints for each one of them in order to register a new password. During authentication, they have to recognize only the target images, which are displayed with their corresponding hints, among collections of 15 decoy images, in a four step process. A usability study was conducted with 40 subjects. They created 1 Mikon, 1 doodle, 1 art and 1 object password and then recalled each password after a period of two weeks (without any practice sessions). The results demonstrated that the memorability of multiple passwords in PHAS is better than in existing Graphical authentication systems (GASs). Although the registration time is high, authentication time for successful attempts is either equivalent to or less than the time reported for previous GASs. A guessability study conducted with the same subjects revealed that art passwords are the least guessable, followed by Mikon, doodle and objects in that order. The results strongly suggest the use of art passwords in PHAS, which would offer usable as well as secure authentication. The preliminary results indicate that PHAS has solved the memorability problem with multiple passwords. We propose two new features that could enhance the security offered by PHAS, but the usability of these features would need to be tested before they could be adopted in practice.