DOI: 10.1145/1408664.1408668
research-article

Securing passfaces for description

Published: 23 July 2008

Abstract

One common practice in relation to alphanumeric passwords is to write them down or share them with a trusted friend or colleague. Graphical password schemes often claim the advantage that they are significantly more secure with respect to both verbal disclosure and writing down. We investigated the reality of this claim in relation to the Passfaces graphical password scheme. By collecting a corpus of naturalistic descriptions of a set of 45 faces, we explored participants' ability to associate descriptions with faces across three conditions in which the decoy faces were selected: (1) at random; (2) on the basis of their visual similarity to the target face; and (3) on the basis of the similarity of the verbal descriptions of the decoy faces to the target face. Participants were found to perform significantly worse when presented with visual and verbally grouped decoys, suggesting that Passfaces can be further secured for description. Subtle differences in both the nature of male and female descriptions, and male and female performance were also observed.

Published In

SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security
July 2008
145 pages
ISBN:9781605582764
DOI:10.1145/1408664

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. description
  2. graphical passwords
  3. passfaces

Qualifiers

  • Research-article

Conference

SOUPS '08
SOUPS '08: The fourth Symposium on Usable Privacy and Security
July 23 - 25, 2008
Pennsylvania, Pittsburgh, USA

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%

Cited By

  • (2022) “Pictures are easier to remember than spellings!” International Journal of Child-Computer Interaction, 10.1016/j.ijcci.2022.10051533:C. Online publication date: 1-Sep-2022
  • (2021) A Novel Hybrid Textual-Graphical Authentication Scheme With Better Security, Memorability, and Usability. IEEE Access, 10.1109/ACCESS.2021.30691649 (51294-51312). Online publication date: 2021
  • (2020) KidsDoodlePass: An Exploratory Study of an Authentication Mechanism for Young Children. Human Aspects of Information Security and Assurance, 10.1007/978-3-030-57404-8_10 (123-132). Online publication date: 21-Aug-2020
  • (2018) Simple nudges for better password creation. Proceedings of the 32nd International BCS Human Computer Interaction Conference, 10.14236/ewic/HCI2018.46 (1-12). Online publication date: 4-Jul-2018
  • (2018) A case study of using grounded analysis as a requirement engineering method. Science of Computer Programming, 10.1016/j.scico.2017.08.010152:C (1-37). Online publication date: 15-Jan-2018
  • (2014) Facelock: familiarity-based graphical authentication. PeerJ, 10.7717/peerj.4442 (e444). Online publication date: 24-Jun-2014
  • (2014) Exploring the Guessability of Image Passwords. Proceedings of the 7th International Conference on Security of Information and Networks, 10.1145/2659651.2659699 (264-271). Online publication date: 9-Sep-2014
  • (2014) Challenge Set Designs and User Guidelines for Usable and Secured Recognition-Based Graphical Passwords. Proceedings of the 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, 10.1109/TrustCom.2014.129 (973-982). Online publication date: 24-Sep-2014
  • (2014) A study of mnemonic image passwords. 2014 Twelfth Annual International Conference on Privacy, Security and Trust, 10.1109/PST.2014.6890941 (207-214). Online publication date: Jul-2014
  • (2013) Age-related performance issues for PIN and face-based authentication systems. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, 10.1145/2470654.2470701 (323-332). Online publication date: 27-Apr-2013