ABSTRACT
This paper addresses knowledge-based authentication systems in self-service technology, presenting the design and evaluation of the Visual Identification Protocol (VIP). The basic idea behind it is to use pictures instead of numbers as a means for user authentication. Three different authentication systems based on images and visual memory were designed and compared with the traditional Personal Identification Number (PIN) approach in a longitudinal study involving 61 users. The experiment addressed performance criteria and subjective evaluation. The study and associated design exploration revealed important knowledge about users, their attitudes towards and behaviour with novel authentication approaches using images. VIP was found to provide a promising and easy-to-use alternative to the PIN. The visual code is easier to remember, preferred by users and potentially more secure than the numeric code. Results also provided guidelines to help designers make the best use of the natural power of visual memory in security solutions.
Index Terms
- VIP: a visual approach to user authentication