On automated image choice for secure and usable graphical passwords

Paul Dunphy, Patrick Olivier

    Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

    5 Citations (Scopus)


    The usability of graphical passwords based upon recognition of images is widely explored. However, it is likely that their observed high memorability is contingent on certain attributes of the image sets presented to users. Characterizing this relationship remains an open problem; for example, there is no systematic (and empirically verified) method to determine how similarity between the elements of an image set impacts the usability of the login challenge. Strategies to assemble suitable images are usually carried out by hand, which represents a significant barrier to uptake as the process has usability and security implications. In this paper, we explore the role of simple image processing techniques to provide automated assembly of usable login challenges in the context of recognition-based graphical passwords. We firstly carry out a user study to obtain a similarity ranked image set, and use the results to select an optimal per-pixel image similarity metric. Then we conduct a short-term image recall test using Amazon Mechanical Turk with 343 subjects where we manipulated the similarity present in image grids. In the most significant case, we found that our automated methods to choose decoy images could impact the login success rate by 40%, and the median login duration by 35 seconds.

    Original languageEnglish
    Title of host publicationProceedings - 28th Annual Computer Security Applications Conference, ACSAC 2012
    Number of pages10
    Publication statusPublished - 1 Dec 2012
    Event28th Annual Computer Security Applications Conference, ACSAC 2012 - Orlando, FL, United States of America
    Duration: 3 Dec 20127 Dec 2012


    Conference28th Annual Computer Security Applications Conference, ACSAC 2012
    CountryUnited States of America
    CityOrlando, FL


    • Security
    • Usability
    • User authentication

    Cite this