1 research outputs found
An Investigation into the use of Images as Password Cues
Computer users are generally authenticated by means of a password.
Unfortunately passwords are often forgotten and replacement is expensive and
inconvenient. Some people write their passwords down but these records can
easily be lost or stolen. The option we explore is to find a way to cue
passwords securely. The specific cueing technique we report on in this paper
employs images as cues. The idea is to elicit textual descriptions of the
images, which can then be used as passwords. We have defined a set of metrics
for the kind of image that could function effectively as a password cue. We
identified five candidate image types and ran an experiment to identify the
image class with the best performance in terms of the defined metrics.
The first experiment identified inkblot-type images as being superior. We
tested this image, called a cueblot, in a real-life environment. We allowed
users to tailor their cueblot until they felt they could describe it, and they
then entered a description of the cueblot as their password. The cueblot was
displayed at each subsequent authentication attempt to cue the password.
Unfortunately, we found that users did not exploit the cueing potential of the
cueblot, and while there were a few differences between textual descriptions of
cueblots and non-cued passwords, they were not compelling. Hence our attempts
to alleviate the difficulties people experience with passwords, by giving them
access to a tailored cue, did not have the desired effect. We have to conclude
that the password mechanism might well be unable to benefit from bolstering
activities such as this one