A Comprehensive Study of the Usability of multiple Graphical Passwords


Transcript of A Comprehensive Study of the Usability of multiple Graphical Passwords

Page 1: A Comprehensive Study of the Usability of multiple Graphical Passwords

A Comprehensive Study of the Usability of multiple Graphical Passwords

Soum Chowdhury (Presenter), Ron Poet, Lewis Mackenzie

School of Computing Science

Page 2: A Comprehensive Study of the Usability of multiple Graphical Passwords

PhD Researcher: An organism that converts caffeine and sandwiches/pizza into PhD thesis

Page 3: A Comprehensive Study of the Usability of multiple Graphical Passwords

Motivation

Text passwords:

1. Writing down the passwords
2. Reusing the same passwords
3. Sharing them with others

Page 4: A Comprehensive Study of the Usability of multiple Graphical Passwords

Research Problem

A potential solution: images as password. 'M' number of images = 1 password

Limitation of existing work:

• Focused on the usability of a single password

• Users need to remember and use multiple passwords

Page 5: A Comprehensive Study of the Usability of multiple Graphical Passwords

Objectives

Which image type(s) perform best in terms of usability when multiple passwords are used?

Compare the usability of 4 image types: Mikon, doodle, art and everyday object, when used as passwords

Page 6: A Comprehensive Study of the Usability of multiple Graphical Passwords

Registration

1: Username selection
2: Password image selection (4 images)
3: Password confirmation
4: Registration completion

Select 4 images

4 images = 1 password

Page 7: A Comprehensive Study of the Usability of multiple Graphical Passwords

Authentication

Four step login = 1 * 4 images (T)

Each step: 1 target + 15 decoys = 1 challenge set

Select 1 image (target) and move to next step

Result: Displayed at the end of the 4th (final) step
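
A sketch of the four-step recognition login described on this slide, added here as an illustration and not the study's own software. The image identifiers, the decoy pool, the random decoy selection and all function names are assumptions. It builds each 16-image challenge set, reports the result only after the final step, and gives the chance that blind clicking passes.

```python
import hmac
import secrets

STEPS = 4       # four-step login: one target image per step
SET_SIZE = 16   # 1 target + 15 decoys = 1 challenge set

def build_challenge(target, decoy_pool, rng=None):
    """Return one challenge set: the target mixed with 15 decoys, shuffled.

    Assumption: decoys are drawn at random from a pool on each login.
    """
    rng = rng or secrets.SystemRandom()
    decoys = rng.sample([d for d in decoy_pool if d != target], SET_SIZE - 1)
    challenge = decoys + [target]
    rng.shuffle(challenge)
    return challenge

def run_login(password, decoy_pool, choose):
    """Walk all four steps, then return a single pass/fail result.

    `choose(step, challenge)` stands in for the user's click. No feedback is
    given per step, so a failed login does not reveal which pick was wrong.
    """
    picks = []
    for step, target in enumerate(password):
        picks.append(choose(step, build_challenge(target, decoy_pool)))
    # Compare the whole sequence once, after the final step.
    return hmac.compare_digest("|".join(picks).encode(),
                               "|".join(password).encode())

def blind_guess_probability():
    """Chance that uniformly random clicks pass all four steps."""
    return (1 / SET_SIZE) ** STEPS

# Constructed sample data: hypothetical image identifiers, not study images.
POOL = [f"object_{i:03d}" for i in range(200)]
PASSWORD = ["object_007", "object_042", "object_113", "object_150"]

def demo():
    """Return (result for a correct user, result for one wrong pick)."""
    good = run_login(PASSWORD, POOL, lambda step, ch: PASSWORD[step])
    # A user who forgets the third image and clicks some other one.
    bad = run_login(
        PASSWORD, POOL,
        lambda step, ch: PASSWORD[step] if step != 2
        else next(img for img in ch if img != PASSWORD[2]))
    return good, bad

if __name__ == "__main__":
    print(demo(), blind_guess_probability())
```
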

Page 8: A Comprehensive Study of the Usability of multiple Graphical Passwords

IMAGE TYPES USED AS PASSWORD

(1) Mikon: These are icon-like images which have been drawn by users using a tool called the Mikon engine developed by Mikons.com

(2) Doodle: These images are drawn by users using pen on paper

Page 9: A Comprehensive Study of the Usability of multiple Graphical Passwords

Image types used in our research

(3) Art: These images were collected from a range of free websites and comprised paintings from different styles such as cubism, abstract and modernism

(4) Object: These images comprised pictures of food and drinks, sculpture and buildings as well as sports and leisure activities, again collected from a range of free websites

Why use these image types?

• Most of the existing usability studies have been done with them

• Since this is the first study of its kind, we did not concentrate on examining more image types

Page 10: A Comprehensive Study of the Usability of multiple Graphical Passwords

Experimental design / User Study

INDEPENDENT MEASURES

Conditions and # users:

• Mikon: 25 users
• Doodle: 25 users
• Art: 25 users
• Object: 25 users

TASK OF EACH USER IN A CONDITION

1. Create 4 passwords (a survey with sample users)
2. Login with 4 passwords every week
3. Frequency of login was varied

Page 11: A Comprehensive Study of the Usability of multiple Graphical Passwords

Frequency of login in each week

[Bar chart: number of login sessions with 1 password in a week (y-axis, 0 to 25) for weeks 1, 2, 3-4, 5, 6, 7 and 8 (x-axis). Data labels visible on the bars: 20, 20, 10, 24, 23.]

Week 1 is the training week; participants would get used to the system

Page 12: A Comprehensive Study of the Usability of multiple Graphical Passwords

User Demographics

100 participants of age 19-24 for a period of eight weeks

Grounded theory framework for pre-study survey

Page 13: A Comprehensive Study of the Usability of multiple Graphical Passwords

Result 1: Memorability

Mean successful login percentage: the study examined the mean successful login percentage for each condition:

• Shapiro-Wilk test: normal distribution

• ANOVA: significant difference in all conditions

• Tukey post hoc test: significant difference in each pair of conditions except Mikon and Object

Object passwords are the most memorable whereas art passwords are the least

[Bar chart: mean login success percentage from week 2 to 8, by condition. Mikon 74.22, Doodle 67.4, Art 54.9, Object 77.4.]

Page 14: A Comprehensive Study of the Usability of multiple Graphical Passwords

Weekly Login Success Percentage

[Chart: average weekly login success (y-axis, 0 to 90) by image type (mikon, doodle, art, object), with one series per week: w2, w3-4, w5, w6, w7, w8.]

The memorability decreases with time and less frequent usage

Page 15: A Comprehensive Study of the Usability of multiple Graphical Passwords

Result 2: Registration time

[Chart: mean registration time in seconds (y-axis, 0 to 140) for passwords p1 to p4 (x-axis), with one series per image type: mikon, doodle, art, object.]

• Registration time decreases from p1 (first registered password) to p4 (last registered password)

• It decreases as users get used to the system

Page 16: A Comprehensive Study of the Usability of multiple Graphical Passwords

Result 3: Login time

[Bar chart: mean login time in seconds, by condition. Mikon 19.52, Doodle 22.16, Art 24.56, Object 18.28.]

The differences between the average login time of Mikon and doodle, as well as Mikon and object passwords, are not significant

Page 17: A Comprehensive Study of the Usability of multiple Graphical Passwords

Post Study: Strategy to create and remember password

[Bar chart: participant % by password creation strategy, one series per image type.]

Strategy: Mikon / Doodle / Art / Object (participant %)

• story/patterns: 42 / 33 / 5 / 32
• personal likings: 29 / 39 / 46 / 52
• visual appeal: 5 / 0 / 36 / 16
• caption/verbal tag: 13 / 18 / 0 / 0
• random: 11 / 10 / 13 / 0

Mikon and doodle: story/pattern or personal likings

Art: personal likings or visual appeal

Object: personal likings or story

Page 18: A Comprehensive Study of the Usability of multiple Graphical Passwords

CONCLUSION-1

First study that compares the usability of multiple image passwords using 4 different image types: Mikon, doodle, art and objects

Results demonstrated that:

• object passwords are most usable in the sense of being more memorable and less time-consuming to employ;

• Mikon images are close behind (without any significant difference);

• but doodle and art images are significantly inferior

Page 19: A Comprehensive Study of the Usability of multiple Graphical Passwords

CONCLUSION-2

Do users find it difficult to remember multiple image passwords?

• Users do have problems remembering many image passwords.

• Hence they will face the same password memorability/management problems as that of text passwords, when the number of image passwords increases.

Page 20: A Comprehensive Study of the Usability of multiple Graphical Passwords

REMARKS-1

If a system is not usable, then the users will engage in insecure practices, which may compromise the security.

Solving the memorability problem of the passwords could prevent insecure coping mechanisms.

ONGOING WORK

• A solution to address the memorability problem

• Provide adequate security

'Hint based authentication'

Page 21: A Comprehensive Study of the Usability of multiple Graphical Passwords

REMARKS-2

In the absence of any related study of this kind, it is impossible to produce a flawless experimental design.

There is no standard procedure to design experiments for studying multiple image passwords.

(Major limitation of our field) The use of different experimental frameworks, dependent variables and image types makes it difficult to allow systematic comparison of our results with them.

Page 22: A Comprehensive Study of the Usability of multiple Graphical Passwords

REMARKS-3

We believe that the experimental design in our user studies is:

• valid as it answers the research question through the data we collected;

• reliable as it can be reproduced by the research community;

• most importantly, such a study for the stated research problem has not been conducted in the past.

Page 23: A Comprehensive Study of the Usability of multiple Graphical Passwords


Learn – Unlearn – Relearn
