Post on 23-Feb-2016
Facing the Facts about Image Type in Recognition-Based Graphical Passwords
Max Hlywa, Department of Psychology, Carleton University, Ottawa, Canada
Robert Biddle, School of Computer Science, Carleton University, Ottawa, Canada
Andrew S. Patrick, Department of Psychology, Carleton University, Ottawa, Canada
ADLab 4/9
ACSAC 2011
Outline
- Introduction
- Background
- First Study
- Second Study
- Discussion
- Conclusions
Introduction
- Current security systems suffer because they often fail to incorporate human factors knowledge in their design.
- A usable password must be easy to remember. However, a secure password must be hard to guess.
- Human memory recognition is typically more effective than recall.
- This Paper Analyzes…
Background
- Graphical Passwords
- Visual Memory
- Recognition vs. Recall
- Face Recognition
- Password Space
Graphical Passwords
- Drawmetric schemes
- Locimetric schemes
- Cognometric schemes
Visual Memory
- Humans recall and recognize pictures more easily than words.
- Dual-coding theory argues that memory of images is stronger than memory of words because images are more likely than words to be processed both visually and verbally.
Recognition vs. Recall
- Recognition occurs when one correctly identifies someone or something that they already know, when it is presented to them at a later time.
- Recall takes place when one thinks back in time and brings to mind information of which one was previously aware.
- Example
  - Person's Face vs. Person's Name
  - Multiple Choice Questions vs. Essay Question
Face Recognition
- There is an increasing amount of evidence that there may be regions of the brain dedicated to facial recognition and processing.
- Example
  - Prosopagnosia (face blindness)
  - Visual agnosia (visual object agnosia)
Password Space
- Theoretical password space (all mathematically possible combinations)
- Effective password space (those combinations more likely to be chosen by the user)
Password Space (Cont.)
Password Space (Cont.)
- theoretical password space = effective password space
First Study
Design
- Faces, everyday objects, houses.
- 6 panels of 26 images (28 bits)
- 60 participants (between-subjects)
- Their age ranged from 18 to 43 (M=21.1, SD=4.42)
First Study (Cont.)
Authentication system
First Study (Cont.)
Execute
- Participants were assigned three graphical passwords randomly.
- We sent the participants email several times over the course of a week, asking them to log in from home and comment on articles on each of the websites.
- If passwords were forgotten they could be reset.
- Not encouraged to write down password.
- System logged all password-related activity on the websites.
Result
Number of passwords remembered
- House images: M=1.15, SD=1.31
- Face images: M=1.90, SD=1.37
- Object images: M=2.35, SD=0.93
Result (Cont.)
- Mean memory time: the average amount of time between the first and last successful login (hours).
Result (Cont.)
Average login time
- House images: M=83.06, SD=54.75
- Face images: M=41.45, SD=14.18
- Object images: M=31.03, SD=16.63
Implications
- There was no evidence that face images were the best image type.
- Roughly half of all passwords were forgotten by the end of the one-week study.
- The cognometric scheme traditionally employs 3 or 4 panels of 9 images and has been shown to be quite usable.
Second Study
Design (First)
- Faces, everyday objects, houses.
- 6 panels of 26 images (28 bits)
- 60 participants (between-subjects)
- Their age ranged from 18 to 43 (M=21.1, SD=4.42)
Design (Second)
- Faces, everyday objects.
- 5 panels of 16 images (20 bits)
- 20 participants (within-subjects)
- Age?
Result
Mean Max Memory Time
- Face images: M=167.8, SD=51.73
- Object images: M=168.5, SD=42.79
Result (Cont.)
Successful Login Time
- Face images: M=35.96, SD=18.10
- Object images: M=22.55, SD=10.02
Implications
- Changing the password space
- Login times were much quicker.
- 95% of the object image passwords and 87% of the face image passwords assigned in the second study were remembered for the entire week.
- 17/20 participants indicated a preference for object images, often citing increased distinctiveness as their reason.
Discussion
- Object > Face > House
- Object
  - shape, size, color, white backgrounds
  - tools, toys, food, flowers, stationery items, furniture, and more.
- Face
  - age, race, gender, expression, etc.
- Experience
- Brief verbalization
- Login time
Conclusions
- It has been suggested that face images are the ideal image type, but we found no evidence to support that claim.
- We may have a special ability to process and memorize faces, but this does not necessarily lead to a superior ability.
- Randomly assigned passwords would be preferable.
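Added example (not from the slides or the paper): the Password Space slides and the preference for randomly assigned passwords, worked through for the panel layouts named above. The skewed user-choice model (3 favourite images drawing 60% of picks) is a constructed assumption, not study data.

```python
import math

def theoretical_bits(panels, images):
    """log2 of all possible passwords: one image picked on each panel."""
    return panels * math.log2(images)

def shannon_bits(panels, probs):
    """Average uncertainty when each panel pick follows `probs` independently."""
    return panels * -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(panels, probs):
    """Bits protecting the single most likely password, the first one a guesser tries."""
    return panels * -math.log2(max(probs))

def skewed_choice(images, favourites=3, mass=0.6):
    """Constructed model of user choice: `favourites` images attract `mass` of all picks."""
    rest = (1 - mass) / (images - favourites)
    return [mass / favourites] * favourites + [rest] * (images - favourites)

def compare(panels, images):
    """Theoretical space next to the effective space for assigned and chosen passwords."""
    uniform = [1 / images] * images   # random assignment by the system
    chosen = skewed_choice(images)    # hypothetical user-selected passwords
    return {
        "theoretical": theoretical_bits(panels, images),
        "assigned": shannon_bits(panels, uniform),
        "chosen_avg": shannon_bits(panels, chosen),
        "chosen_worst": min_entropy_bits(panels, chosen),
    }

if __name__ == "__main__":
    # Panel layouts named in the slides.
    layouts = {"first study": (6, 26), "second study": (5, 16), "traditional": (4, 9)}
    for name, (panels, images) in layouts.items():
        r = compare(panels, images)
        print(f"{name:13s} {panels}x{images}: "
              + ", ".join(f"{k}={v:.1f}" for k, v in r.items()))
```

With uniform assignment the effective space equals the theoretical one; under the assumed skew the 5x16 layout drops from 20 bits to about 17 on average and under 12 for the most likely password.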