Passhint: Memorable and Secure Authentication

Chowdhury, S., Poet, R. and Mackenzie, L. (2014) Passhint: Memorable and Secure Authentication. In: CHI 2014: ACM CHI Conference on Human Factors in Computing Systems, Toronto, Canada, 26 April - 1 May 2014, pp. 2917-2926. ISBN 9781450324731 (doi: 10.1145/2556288.2557153)

Full text not currently available from Enlighten.


People find it difficult to remember multiple alphanumeric as well as graphical passwords. We propose a Passhint authentication system (PHAS), where the users have to choose four images and create hints for each one of them in order to register a new password. During authentication, they have to recognize only the target images, which are displayed with their corresponding hints, among collections of 15 decoy images, in a four step process. A usability study was conducted with 40 subjects. They created 1 Mikon, 1 doodle, 1 art and 1 object password and then recalled each password after a period of two weeks (without any practice sessions). The results demonstrated that the memorability of multiple passwords in PHAS is better than in existing Graphical authentication systems (GASs). Although the registration time is high, authentication time for successful attempts is either equivalent to or less than the time reported for previous GASs. A guessability study conducted with the same subjects revealed that art passwords are the least guessable, followed by Mikon, doodle and objects in that order. The results strongly suggest the use of art passwords in PHAS, which would offer usable as well as secure authentication. The preliminary results indicate that PHAS has solved the memorability problem with multiple passwords. We propose two new features that could enhance the security offered by PHAS, but the usability of these features would need to be tested before they could be adopted in practice.

Item Type:Conference Proceedings
Keywords:Graphical authentication, guessability, usability.
Glasgow Author(s) Enlighten ID:Mackenzie, Dr Lewis and Chowdhury, Soumyadeb and Poet, Dr Ron
Authors: Chowdhury, S., Poet, R., and Mackenzie, L.
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
College/School:College of Science and Engineering > School of Computing Science

University Staff: Request a correction | Enlighten Editors: Update this record