research-article

Free access

Visual passwords: cure-all or snake-oil?

Authors:

Karen Renaud,

Antonella De AngeliAuthors Info & Claims

Communications of the ACM, Volume 52, Issue 12

Pages 135 - 140

https://doi.org/10.1145/1610252.1610287

Published: 01 December 2009 Publication History

All formats PDF

Abstract

Introduction

Users of computer systems are accustomed to being asked for passwords -- it is as universal as it is frustrating. In the past there was little tolerance for the problems experienced remembering passwords, and many users still remember, with embarrassment, having to go hat-in-hand to request a password change and being treated with disdain by a lofty administrator. Latterly there is more understanding of the problems experienced by users, especially since the "password conundrum" has reached epidemic proportions for Web users, who are asked for passwords with unrelenting predictability.

The problems with passwords are clear -- users cannot remember numbers of meaningless alphanumeric strings with ease. Hence, they react by choosing simple and predictable words or numbers related to their everyday life, and engaging in insecure practices, such as writing passwords down or sharing them. These practices cause a breach affecting even the most secure and protected network system. Hence the user is often called the weakest link of the security chain, with system administrators despairing of trying to maintain security with the weak link so often reaching breaking point. Users forgetting passwords has serious economical consequences for organizations.

Both academia and industry have been investigating alternatives to passwords, with varying degrees of success. One of the most well-known solutions is the biometric -- measurement of either behavioral or physiological characteristics of the end-user. This is obviously superior to the password because it removes the burden on the user's memory. So why don't we just switch to biometrics and give the poor user a break? There are some valid and hard-to-overcome reasons for the slow uptake of biometrics, but before we can discuss them we need to consider the mechanics of authentication.

References

[1]

Adams, A. and Sasse, M A. Users are not the enemy. Comm. of the ACM 42, 12, (Dec. 1999), 40--46.

Digital Library

Google Scholar

[2]

Davis, D., Monrose, F. Reiter, M K. On user choice in graphical password schemes. In Proceedings of the 13^th USENIX Security Symposium, Aug. 2004, San Diego, CA.

Digital Library

Google Scholar

[3]

De Angeli, A., Coventry, L., Johnson, G., Renaud, K. Is a picture really worth a thousand words? On the feasibility of graphical authentication systems. International Journal of Human-Computer Studies, special issue: HCI research on Privacy and Security, 63, 1--2, (July 2005), 128--152.

Digital Library

Google Scholar

[4]

Epstein, R. and Kanwisher, N. A cortical representation of the local visual environment. Nature. 1998. 476--84.

Google Scholar

[5]

Epstein, R., Graham, K S. and Downing, P E. Viewpoint-specific scene representations in human parahippocampal cortex. Neuron, 37, 5, (Mar. 2003), 865--876.

Crossref

Google Scholar

[6]

Henderson, J M. and Hollingworth, A. High-level scene perception. Annual Review of Psychology 50, (1999), 243--71.

Crossref

Google Scholar

[7]

Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D., The design and analysis of graphical passwords. Proceedings of the 8^th USENIX Security Symposium, 1994, 1--14.

Digital Library

Google Scholar

[8]

Madigan, S., Picture memory. Yuille J.C. (Ed.), Imagery, Memory, and Cognition: Essays in Honor of Allan Paivio. Erlbaum, Hillsdale, NJ, 1983, 66--89.

Google Scholar

[9]

Renaud, K V. and De Angeli, A. My password is here! Investigating authentication schemes based on visuospatial memory. Interacting with Computers 16, 6, (2004), 1017--1041.

Crossref

Google Scholar

[10]

Renaud, K V. and Olsen, E. DynaHand: Observation-resistant recognition-based Web authentication. IEEE Technology and Society. Special Issue on Usable Security and Privacy 26, 2, (2007), 22--31.

Google Scholar

[11]

Thorpe, J. and van Oorschot, P. Graphical dictionaries and the memorable space of graphical passwords. In 13^th USENIX Security Symposium, 2004.

Digital Library

Google Scholar

[12]

Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A. and Memon, N. PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63, 1--2, (2005), 102--127.

Digital Library

Google Scholar

Cited By

View all

V JN S RV S R(2024)AI-Powered Dynamic Images: A New Frontier in Graphical Password Authentication2024 International Conference on Emerging Research in Computational Science (ICERCS)10.1109/ICERCS63125.2024.10894909(1-8)Online publication date: 12-Dec-2024
https://doi.org/10.1109/ICERCS63125.2024.10894909
Woods NSiponen M(2024)How memory anxiety can influence password security behaviorComputers and Security10.1016/j.cose.2023.103589137:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103589
Woods NSilvennoinen J(2022)Enhancing the user authentication process with colour memory cuesBehaviour & Information Technology10.1080/0144929X.2022.209147442:10(1548-1567)Online publication date: 15-Jul-2022
https://doi.org/10.1080/0144929X.2022.2091474
Show More Cited By

Index Terms

Visual passwords: cure-all or snake-oil?

Recommendations

Comments

Information & Contributors

Information

Published In

Communications of the ACM Volume 52, Issue 12

Finding the Fun in Computer Science Education

December 2009

127 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/1610252

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 December 2009

Published in CACM Volume 52, Issue 12

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Popular
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

35
Total Citations
View Citations
1,783
Total Downloads

Downloads (Last 12 months)325
Downloads (Last 6 weeks)62

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

V JN S RV S R(2024)AI-Powered Dynamic Images: A New Frontier in Graphical Password Authentication2024 International Conference on Emerging Research in Computational Science (ICERCS)10.1109/ICERCS63125.2024.10894909(1-8)Online publication date: 12-Dec-2024
https://doi.org/10.1109/ICERCS63125.2024.10894909
Woods NSiponen M(2024)How memory anxiety can influence password security behaviorComputers and Security10.1016/j.cose.2023.103589137:COnline publication date: 1-Feb-2024
https://dl.acm.org/doi/10.1016/j.cose.2023.103589
Woods NSilvennoinen J(2022)Enhancing the user authentication process with colour memory cuesBehaviour & Information Technology10.1080/0144929X.2022.209147442:10(1548-1567)Online publication date: 15-Jul-2022
https://doi.org/10.1080/0144929X.2022.2091474
Kanta ACoisel IScanlon M(2020)A survey exploring open source Intelligence for smarter password crackingForensic Science International: Digital Investigation10.1016/j.fsidi.2020.30107535(301075)Online publication date: Dec-2020
https://doi.org/10.1016/j.fsidi.2020.301075
Ogbuokiri BRaborife M(2020)Visual Password Scheme Using Bag Context Shape GrammarsIntelligent Systems Design and Applications10.1007/978-3-030-49342-4_4(35-47)Online publication date: 15-Aug-2020
https://doi.org/10.1007/978-3-030-49342-4_4
Por LAdebimpe LIdris MKhaw CKu C(2019)LocPass: A Graphical Password Method to Prevent Shoulder-SurfingSymmetry10.3390/sym1110125211:10(1252)Online publication date: 8-Oct-2019
https://doi.org/10.3390/sym11101252
Siponen MPuhakainen PVance A(2019)Can Individuals’ Neutralization Techniques Be Overcome? A Field Experiment on Password PolicyComputers & Security10.1016/j.cose.2019.101617(101617)Online publication date: Sep-2019
https://doi.org/10.1016/j.cose.2019.101617
Paulus YHerlina Leni KHiramatsu CRemijn G(2018)A Preliminary Experiment on Grid Densities for Visual Password Formats2018 9th International Conference on Awareness Science and Technology (iCAST)10.1109/ICAwST.2018.8517236(122-127)Online publication date: Sep-2018
https://doi.org/10.1109/ICAwST.2018.8517236
Nikas AAlepis EPatsakis C(2018)I know what you streamed last night: On the security and privacy of streamingDigital Investigation10.1016/j.diin.2018.03.00425(78-89)Online publication date: Jun-2018
https://doi.org/10.1016/j.diin.2018.03.004
Lamiche IBin GJing YYu ZHadid A(2018)A continuous smartphone authentication method based on gait patterns and keystroke dynamicsJournal of Ambient Intelligence and Humanized Computing10.1007/s12652-018-1123-6Online publication date: 9-Nov-2018
https://doi.org/10.1007/s12652-018-1123-6
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Magazine Site

View this article on the magazine site (external)

Magazine Site

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Passwords: Stunning Notebook Journal for your Passwords, Usernames and URLs/ 5in. x 8in./ Sturdy softback glossy cover/ 50 white pages (Volume 1)

Passwords: Stunning Password Notebook/ Logbook/ Journal/ paperback/ 50 pages/ bright white paper (5 in. x 8 in.) beautiful glossy cover (Volume 2)

Passwords: Subtitle Notebook Journal for Your Passwords, Usernames and Urls/ 5in. X 8in./ Sturdy Softback Glossy Cover/ 50 White Pages. (Volume 4)

Comments

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF

eReader

Magazine Site

Login options

Full Access

Abstract

References

Cited By

Index Terms

Recommendations

Passwords: Stunning Notebook Journal for your Passwords, Usernames and URLs/ 5in. x 8in./ Sturdy softback glossy cover/ 50 white pages (Volume 1)

Passwords: Stunning Password Notebook/ Logbook/ Journal/ paperback/ 50 pages/ bright white paper (5 in. x 8 in.) beautiful glossy cover (Volume 2)

Passwords: Subtitle Notebook Journal for Your Passwords, Usernames and Urls/ 5in. X 8in./ Sturdy Softback Glossy Cover/ 50 White Pages. (Volume 4)

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

Magazine Site

Login options

Full Access

Share

Share this Publication link

Share on social media

Affiliations