Abstract

The password era is drawing to a close. The latest technology is being released without keyboards, which makes password entry insecure and arduous. Furthermore, everyone is straining under the burden of multiple passwords and Personal Identification Numbers (PINs), and a viable knowledge-based alternative is urgently required. In the last few years a number of innovative graphical authentication mechanisms, which use pictures instead of alphanumeric strings, have been proposed. There is long-standing evidence that people remember pictures far better than they remember alphanumeric strings, so in terms of easing the memory load, pictures seem to offer a viable alternative. However, what is emerging from current research is that the design of such a graphical authentication mechanism interface can either make or break it, both in terms of security and usability. This paper will discuss various design options and make recommendations about how such systems should be designed in order to make them maximally efficacious while considering the level of risk associated with the resource being protected by the mechanism.