Explore the potential of image recognition as a replacement for text-based passwords in security systems. Discover how visual memory can improve authentication processes and the challenges and benefits of this approach. Dive into a study on the feasibility of using images, including random art and real photos, for login credentials and portfolio creation in a human-centered computing context.
Image Recognition in User Authentication • Rachna Dhamija • Human Centered Computing Course • December 6, 1999
Problem • Security systems • human factors? • Passwords • multiple long strings
A solution • Replace text w/ images? • Replace recall w/ recognition • Portfolio • “Random Art” & Real Images
Visual Memory • “Vast, almost limitless memory” for pictures [Haber] • Recognition • Fraction of a sec to remember & recognize [Intraub, Pavio & Codes] • 2560 photos for a few seconds, 90% recognition rate [Standing, Conezio & Haber] • 10,000 photos, 2 days, 66% recognized [Standing] • Recall • recall semantics or sketch • “pictures are not only recognized better but are also recalled better than words” [Standing]
Task Analysis • Target population = general computer users • novice/expert users • few passwords/multiple passwords • 10 (+20) people interviewed about behavior • 10 – 40+ instances vs. 1-7 actual passwords • names, phone numbers, fav movies, ~6 char • tools: majority wrote them down, 2 PIM • minimum effort, never change them • ability to share is a feature • people hate passwords • but prefer them to alternatives
Security: Brute Force Attack • 4 Digit PIN = 5 out of 20 images • 6 char password = 10 out of 55 • BUT most passwords require < brute force!
Security Analysis (cont) • Benefits • Images easier to remember • fewer errors • change more frequently • good for infrequently used passwords? • Images, esp. Random Art, are hard to describe • Vulnerabilities • “shoulder surfing” attack • “intersection” attack
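The two security slides above put into numbers, as an added example that is not part of the original slides. It assumes a 26-letter alphabet for the 6-character password, a 100-image pool, and that the "intersection" attack means an observer comparing which images recur across successive login screens; none of these is stated on the slides.

```python
import math
import random

def portfolio_keyspace(shown, picks):
    """Distinct unordered ways to pick `picks` images out of `shown` on screen."""
    return math.comb(shown, picks)

def text_keyspace(alphabet, length):
    """Distinct strings of `length` symbols over an alphabet of that size."""
    return alphabet ** length

def logins_until_exposed(portfolio, pool, shown, fixed_decoys, rng, max_logins=50):
    """Count observed login screens until the images common to all of them
    are exactly the portfolio; None if that never happens in max_logins."""
    secret = set(portfolio)
    decoy_pool = [img for img in pool if img not in secret]
    n_decoys = shown - len(secret)
    fixed = rng.sample(decoy_pool, n_decoys)   # one decoy set, reused every login
    common = None
    for login in range(1, max_logins + 1):
        decoys = fixed if fixed_decoys else rng.sample(decoy_pool, n_decoys)
        screen = secret | set(decoys)
        common = screen if common is None else common & screen
        if common == secret:
            return login
    return None

def demo(seed=1999):
    rng = random.Random(seed)
    pool = range(100)                  # assumed pool size (5/100 at creation)
    portfolio = rng.sample(pool, 5)    # constructed sample portfolio
    return {
        "pin_4_digits": text_keyspace(10, 4),
        "5_of_20": portfolio_keyspace(20, 5),
        "5_of_25": portfolio_keyspace(25, 5),
        "password_6_lowercase": text_keyspace(26, 6),  # alphabet is an assumption
        "10_of_55": portfolio_keyspace(55, 10),
        "exposed_random_decoys": logins_until_exposed(portfolio, pool, 25, False, rng),
        "exposed_fixed_decoys": logins_until_exposed(portfolio, pool, 25, True, rng),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>24}: {value}")
```

When decoys are redrawn on every login, the images common to all screens shrink to the portfolio after a few observed logins; with one fixed decoy set per user the observer never narrows it below the 25 images shown.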
Lo-fi Prototype • Task: create portfolio & login • People can remember images! (4-10) • Photos/art – 50/50 preference & time • Wanted to view portfolio during creation • Must be simple and fast (no click through screens) • Horizontal layout for quick scanning
Experiment Design • Create 4 “passwords”: PIN (4 digits), Password (6 char.), Art portfolio (5/100), Photo portfolio (5/100) • Login: PIN, Password, Art (5/25), Photo (5/25) • Task order - 50% did Art first • Image order • Repeat login after 1 week!
Test Measures • Does not include uncompleted tasks • sev1: minor • sev2: major, recoverable • sev3: major, unrecoverable • No unrecoverable errors made with portfolios
More Results • Comfort Level • Create portfolio - @#$% • Login portfolio - wow • Text vs. images • Passwords/PINS faster to create/logon • Photos easier to remember than PINS (short term) • Art vs. photos • Photos easier to remember, schemes, more personal • People chose similar photos, but not art • Interface issues • Scrolling is bad, one screen, thumbnails, single-click • Lack of feedback • # picked so far, which picked?? • how to give feedback securely?
Changes to next version • show # selected • 1 image selected • hide selected images • smaller images
Conclusions • Potential for use • where text input is hard, limited observation (e.g., ATM, PDA) • infrequent, high availability passwords • Future Directions • Self created images • authenticate: recreate or recognize • Random Art + Text • Sharing & collaboration • Other human abilities?
References • Houston JP. Fundamentals of learning and memory. 4th ed. Florida: Harcourt Brace Jovanovich; 1991. • Ralph Norman Haber. How we remember what we see. Scientific American, 222(5):104-112, May 1970. • Lionel Standing. Learning 10,000 pictures. Quarterly Journal of Experimental Psychology, 25:207-222, 1973. • Lionel Standing, Jerry Conezio, and Ralph Norman Haber. Perception and memory for pictures: Single-trial learning of 2500 visual stimuli. Psychonomic Science, 19(2):73-74, 1970. • Helene Intraub. Presentation rate and the representation of briefly glimpsed pictures in memory. Journal of Experimental Psychology: Human Learning and Memory, 6(1):1-12, 1980. • Adrian Perrig and Dawn Song. Hash Visualization: A New Technique to Improve Real-World Security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99).