A Comprehensive Study of the Usability of multiple Graphical Passwords

1. School of Computing Science A Comprehensive Study of the Usability of multiple Graphical Passwords SoumChowdhury(Presenter) Ron Poet Lewis Mackenzie

2. PhD Researcher An organism that converts caffeine and sandwiches/pizza into PhD thesis = +

3. School of Computing Science Motivation text passwords 1. Writing down the passwords; 2. Reusing the same passwords; 3. Sharing them with others

4. School of Computing Science • A potential solution: Images as password • ‘M’ number of images = 1 password • Limitation of existing work: • focused on the usability of a single password • Users need to remember and use multiple passwords Research Problem

5. School of Computing Science Objectives which image type (s) performs best in terms of usability, when multiple passwords are used?’ Compare the usability of 4 image types: Mikon, doodle, art and everyday object, when used as passwords

6. 1: Username selection 2: Password image selection (4 images) 4: Registration completion 3: Password confirmation School of Computing Science Registration Select 4 images 4 images = 1 password

7. School of Computing Science Authentication • Four step login = 1 * 4 images (T) • Each step: • 1 target+ 15 decoys = 1 challenge set • Select 1 image (target) and move to next step Result: Displayed at the end of the 4th (final) step

8. School of Computing Science IMAGE TYPES USED AS PASSWORD • Mikon: Theseare icon-like images which have been drawn by users using a tool called the Mikon engine developed by Mikons.com (2) Doodle: These images are drawn by users using pen on paper

9. School of Computing Science Image types used in our research • (3) Art: These images were collected from a range of free websites and comprised of paintings from different styles such as cubism, abstract and modernism (4) Object: These images comprised of pictures of food and drinks, sculpture and buildings as well as sports and leisure activities, again collected from a range of free websites Why use these image types? most of the existing usability studies have been done with them Since this is the first study of its kind, we did not concentrate in examining more image types

10. School of Computing Science Experimental design / User Study INDEPENDENT MEASURES Conditions # users Mikon 25 users Doodle 25 users Art 25 users Object 25 users TASK OF EACH USER IN A CONDITION Create 4 passwords (a survey with sample users) login with 4 passwords every week Frequency of login was varied

11. School of Computing Science Frequency of login in each week week 1 is the training week; participants would get used to the system

12. School of Computing Science User Demographics 100 participants of age 19-24 for a period of eight weeks Grounded theory framework for pre-study survey

13. School of Computing Science Result 1: Memorability Mean successful login percentage:It examined the mean successful login percentage for in each condition : Shapiro-Wilk test – Normal Distribution ANOVA– Significant difference in all conditions Tukey Post hoc test- Significant difference in each pair of condition except Mikon and Object Object passwords are the most memorable whereas art passwords are the least

14. School of Computing Science Weekly Login Success Percentage The memorability decreases with time and less frequent usage

15. School of Computing Science Result 2: Registration time decreases from p1- first registered password to p4- last registered password decreases as users get used to the system

16. School of Computing Science Result 3: Login time differences between the average login time of Mikon and doodle as well as Mikon and object passwords is not significant

17. School of Computing Science Post Study: Strategy to create and remember password Mikon and doodle: story/pattern or personal likings Art: personal likings or visual appeal Object: personal likings or story

18. School of Computing Science • First study that compares the usability of multiple image passwords using 4 different images types- Mikon, doodle, art and objects • Results demonstrated that • object passwords are most usable in the sense of being more memorable and less time-consuming to employ; • Mikon images are close behind (without any significant difference); • but doodle and art images are significantly inferior CONCLUSION-1

19. School of Computing Science CONCLUSION-2 • Do users find it difficult to remember multiple image passwords? • Users do have problems remembering many image passwords. • Hence they will face the same password memorability/ management problems as that of text passwords, when the number of image passwords increases.

20. School of Computing Science REMARKS- 1 • If a system is not usable, then the users will engage into insecure practices, which may compromise the security. • Solving the memorability problem of the passwords could prevent insecure coping mechanisms. ONGOING WORK • A solution to address the memorability problem • Provide adequate security • ‘Hint based authentication’

21. School of Computing Science REMARKS-2 In the absence of any related study of this kind, it is impossible to produce a flawless experimental design. There is no standard procedure to design experiments for studying multiple image passwords. (Major limitation of our field) The use of different experimental framework, dependant variables and image types makes it difficult to allow systematic comparison of our results with them.

22. School of Computing Science REMARKS-3 • We believe that the experimental design in our user studies is: • valid as it answers the research question through the data we collected; • reliableas it can be reproduced by the research community; • most importantly, such a study for the stated research problem has not been conducted in the past.

23. School of Computing Science Learn – Unlearn – Relearn