Securing Passfaces for Description (2008)

Author(s): Dunphy P, Nicholson J, Olivier P

    Abstract: One common practice in relation to alphanumeric passwords is to write them down or share them with a trusted friend or colleague. Graphical password schemes often claim the advantage that they are significantly more secure with respect to both verbal disclosure and writing down. We investigated the reality of this claim in relation to the Passfaces graphical password scheme. By collecting a corpus of naturalistic descriptions of a set of 45 faces, we explored participants' ability to associate descriptions with faces across three conditions in which the decoy faces were selected: (1) at random; (2) on the basis of their visual similarity to the target face; and (3) on the basis of the similarity of the verbal descriptions of the decoy faces to the target face. Participants were found to perform significantly worse when presented with visual and verbally grouped decoys, suggesting that Passfaces can be further secured for description. Subtle differences in both the nature of male and female descriptions, and male and female performance were also observed.

      • Date: 23-25 July 2008
      • Conference Name: Proceedings of the Fourth Symposium on Usable Privacy and Security (SOUPS)
      • Volume: 145
      • Pages: 24-35
      • Publisher: ACM
      • Publication type: Conference Proceedings (inc. abstract)
      • Bibliographic status: Published
      Staff

      Paul Dunphy
      Research Associate

      James Nicholson
      Research Associate

      Professor Patrick Olivier
      Professor of Human-Computer Interaction (Digital Interaction)