Abstract
The proliferation of technology requiring user authentication has increased the number of passwords which users have to remember, creating a significant usability problem. This paper reports a usability comparison between a new mechanism for user authentication — Passfaces — and passwords, with 34 student participants in a 3-month field trial. Fewer login errors were made with Passfaces, even when periods between logins were long. On the computer facilities regularly chosen by participants to log in, Passfaces took a long time to execute. Participants consequently started their work later when using Passfaces than when using passwords, and logged into the system less often. The results emphasise the importance of evaluating the usability of security mechanisms in field trials.
PassfacesTM have been used by kind permission of the patent and trademark holding company, Id-Arts (http://www.id-arts.com/).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Adams, A. (1996), Reviewing Human Factors in Password Security Systems, Master’s thesis, University College London, London.
Adams, A. & Sasse, M. A. (1999), “Users Are Not the Enemy: Why Users Compromise Security Mechanisms and How to Take Remedial Measures”, Communications of the ACM 42(12), 40–6.
Adams, A., Sasse, M. A. & Lunt, P. (1997), Making Passwords Secure and Usable, inH. Thimbleby, B. O’Conaill & P. Thomas (eds.), People and Computers XII (Proceedings of HCI’97), Springer-Verlag, pp. 1–19.
Anderson, R. J. (1994), “Why Cryptosystems Fail”, Communications of the ACM 37(11), 32–40.
Arthur, C. (1997), “Your Eye. The Ultimate Id Card”, The Independent. Tuesday 2nd December.
Baddeley, A. (1997), Human Memory: Theory and Practice, revised edition, Psychology Press.
Bahrick, H. P., Bahrick, P. O. & Wittlinger, R. P. (1975), “Fifty Years of Memory for Names and Faces: A Cross-sectional Approach”, Journal of Experimental Social Psychology 104(1), 54–75.
Bunnell, J., Podd, J., Henderson, R., Napier, R. & Kennedy-Moffat, J. (1997), “Cognitive, Associative and Conventional Passwords: Recall and Guessing Rates”, Computers and Security 16(7), 629–41.
Clark-Carter, D. (1997), “The Account Taken of Statistical Power in Research Published in the British Journal of Psychology”, British Journal of Psychology 88(1), 71–83.
Cohen, G. (1996), Memory in the Real World, second edition, Psychology Press.
Craik, F. I. M. & Lockhart, R. S. (1972), “Levels of Processing: A Framework for Memory Research”, Journal of Verbal Learning and Verbal Behavior 11(6), 671–84.
Davis, C. & Ganesan, R. (1993), BApassword: A New Proactive Password Checker, inL. Reiner & D. Gilbert (eds.), Proceedings of the National Computer Security Conference ‘83, the 16th NIST/NSA Conference, USA Government, pp. 1–15.
Deane, F., Barrelle, K., Henderson, R. & Mahar, D. (1995), “Perceived Acceptability of Biometric Security Systems”, Computers and Security 14(3), 225–31.
Garfinkel, S. & Spafford, G. (1996), Practical Unix and Internet Security, second edition, O’Reilly.
Kim, H.-J. (1995), “Biometrics, Is It a Viable Proposition for Identity Authentication and Access Control?”, Computers and Security 14(3), 205–14.
Menkus, B. (1988), “Understanding the Use of Passwords”, Computers and Security 7(2), 132–6.
Murrer, E. (1999), “Fingerprint Authentication”, Secure Computing 10(3), 26–30.
Nelson, D. L., Reed, U. S. & Walling, J. R. (1977), “Picture Superiority Effect”, Journal of Experimental Psychology: Learning, Memory and Cognition 2(5), 523–8.
Obaidat, M. & Sadoun, B. (1997), “Verification of Computer Users Using Keystroke Dynamics”, IEEE Transactions in Systems, Man and Cybernetics 27(2), 261–9.
Parkin, A. J. (1981), “Determinants of Cued Recall”, Psychological Research 1(4), 291–300.
Parkin, A. J. (1993), Memory: Phenomena, Experiment and Theory, Blackwell.
Reason, J. (1990), Human Error, Cambridge University Press.
Roddy, A. R. & Stosz, J. D. (1997), “Fingerprint Features–Statistical Analysis and System Performance Estimates”, Proceedings of the IEEE 85(9), 1390–421.
Rosenthal, R. & Rosnow, R. (1991), The Essentials of Behavioural Research, second edition, McGraw-Hill.
Sasse, M. A., Harris, C., Ismail, I. & Monthienvichienchai, P. (1998), Support for Authoring and Managing Web-based Coursework: The TACO Project, inR. Hazemi, S. Hailes & S. Wilbur (eds.), The Digital University: Reinventing the Academy, Springer-Verlag, pp. 155–75.
Spector, Y. & Ginzberg, J. (1994), “Pass Sentence — A New Approach to Computer Code”, Computers and Security 13(2), 145–60.
Svigals, J. (1994), “Smartcards — A Security Assessment”, Computers and Security 13(2), 107–14.
Tulving, E. & Psotka, A. (1971), “Retroactive Inhibition in Free Recall: Inaccessibility of Information in the Memory Store”, Journal of Educational Psychology 87(1), 1–8.
Valentine, T. (1998), An Evaluation of the PassfaceTM Personal Authentication System, Technical Report, Goldmsiths College, University of London.
Valentine, T. (1999), Memory for PassfacesTM After a Long Delay, Technical Report, Goldsmiths College, University of London.
Wickens, C. D. (1992), Engineering Psychology and Human Performance, Harper Collins.
Zviran, M. & Haga, W. J. (1990), “Cognitive Passwords: The Key to Easy Access Control”, Computers and Security 9(8), 723–36.
Zviran, M. & Haga, W. J. (1993), “A Comparison of Password Techniques for Multilevel Authentication Mechanisms”, The Computer Journal 36(3), 227–37.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag London
About this paper
Cite this paper
Brostoff, S., Sasse, M.A. (2000). Are Passfaces More Usable Than Passwords? A Field Trial Investigation. In: McDonald, S., Waern, Y., Cockton, G. (eds) People and Computers XIV — Usability or Else!. Springer, London. https://doi.org/10.1007/978-1-4471-0515-2_27
Download citation
DOI: https://doi.org/10.1007/978-1-4471-0515-2_27
Publisher Name: Springer, London
Print ISBN: 978-1-85233-318-8
Online ISBN: 978-1-4471-0515-2
eBook Packages: Springer Book Archive