A comprehensive study of frequency, interference, and training of multiple graphical passwords

Authors:
Katherine M. Everitt;Tanya Bragin;James Fogarty;Tadayoshi Kohno
Affiliations:
University of Washington, Seattle, WA, USA;University of Washington, Seattle, WA, USA;University of Washington, Seattle, WA, USA;University of Washington, Seattle, WA, USA
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2009

Citing 14
Cited 18

Users are not the enemy

Communications of the ACM
Password security: a case history

Communications of the ACM
Making Passwords Secure and Usable

HCI 97 Proceedings of HCI on People and Computers XII
The domino effect of password reuse

Communications of the ACM - Human-computer etiquette
PassPoints: design and longitudinal evaluation of a graphical password system

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Password management strategies for online accounts

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Pictures at the ATM: exploring the usability of multiple graphical passwords

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A large-scale study of web password habits

Proceedings of the 16th international conference on World Wide Web
Déjà Vu: a user study using images for authentication

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
On user choice in graphical password schemes

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
A second look at the usability of click-based graphical passwords

Proceedings of the 3rd symposium on Usable privacy and security
Securing passfaces for description

Proceedings of the 4th symposium on Usable privacy and security

Multiple password interference in text passwords and click-based graphical passwords

Proceedings of the 16th ACM conference on Computer and communications security
Computer Usage by Children with Down Syndrome: Challenges and Future Research

ACM Transactions on Accessible Computing (TACCESS)
A closer look at recognition-based graphical passwords on mobile devices

Proceedings of the Sixth Symposium on Usable Privacy and Security
Purely automated attacks on passpoints-style graphical passwords

IEEE Transactions on Information Forensics and Security
A new shoulder-surfing resistant password for mobile environments

Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication
On designing usable and secure recognition-based graphical authentication mechanisms

Interacting with Computers
Evaluating the usability and security of a graphical one-time PIN system

BCS '10 Proceedings of the 24th BCS Interaction Specialist Group Conference
WebTicket: account management using printable tokens

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Increasing the security of gaze-based cued-recall graphical passwords using saliency masks

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Graphical passwords: Learning from the first twelve years

ACM Computing Surveys (CSUR)
On automated image choice for secure and usable graphical passwords

Proceedings of the 28th Annual Computer Security Applications Conference
Multiple password interference in graphical passwords

International Journal of Information and Computer Security
Protected login

FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Age-related performance issues for PIN and face-based authentication systems

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Investigating User Behavior for Authentication Methods: A Comparison between Individuals with Down Syndrome and Neurotypical Users

ACM Transactions on Accessible Computing (TACCESS)
Exploring the design space of graphical passwords on smartphones

Proceedings of the Ninth Symposium on Usable Privacy and Security
Usability and security evaluation of GeoPass: a geographic location-password scheme

Proceedings of the Ninth Symposium on Usable Privacy and Security
Faces and Pictures: Understanding age differences in two types of graphical authentications

International Journal of Human-Computer Studies

Quantified Score

Hi-index	0.01

Visualization

Abstract

Graphical password systems have received significant attention as one potential solution to the need for more usable authentication, but nearly all prior work makes the unrealistic assumption of studying a single password. This paper presents the first study of multiple graphical passwords to systematically examine frequency of access to a graphical password, interference resulting from interleaving access to multiple graphical passwords, and patterns of access while training multiple graphical passwords. We find that all of these factors significantly impact the ease of authenticating using multiple facial graphical passwords. For example, participants who accessed four different graphical passwords per week were ten times more likely to completely fail to authenticate than participants who accessed a single password once per week. Our results underscore the need for more realistic evaluations of the use of multiple graphical passwords, have a number of implications for the adoption of graphical password systems, and provide a new basis for comparing proposed graphical password systems.