Alt, Florian and Mikusz, Mateusz Andrzej and Schneegass, Stefan and Bulling, Andreas (2016) Memorability of cued-recall graphical passwords with saliency masks. In: MUM '16 Proceedings of the 15th International Conference on Mobile and Ubiquitous Multimedia :. ACM, New York, pp. 191-200. ISBN 9781450348607
alt2016mum.pdf - Accepted Version
Available under License Creative Commons Attribution-NonCommercial.
Download (6MB)
Abstract
Cued-recall graphical passwords have a lot of potential for secure user authentication, particularly if combined with saliency masks to prevent users from selecting weak passwords. Saliency masks were shown to significantly improve password security by excluding those areas of the image that are most likely to lead to hotspots. In this paper we investigate the impact of such saliency masks on the memorability of cued-recall graphical passwords. We first conduct two pre-studies (N=52) to obtain a set of images with three different image complexities as well as real passwords. A month-long user study (N=26) revealed that there is a strong learning effect for graphical passwords, in particular if defined on images with a saliency mask. While for complex images, the learning curve is steeper than for less complex ones, they best supported memorability in the long term, most likely because they provided users more alternatives to select memorable password points. These results complement prior work on the security of such passwords and underline the potential of saliency masks as both a secure and usable improvement to cued-recall gaze-based graphical passwords.