Text-based password systems are the authentication mechanism most commonly used on computer systems. Graphical passwords have recently been proposed because the pictorial-superiority effect suggests that people have better memory for images. The most widely advocated graphical password systems are based on recognition rather than recall. This approach is favored because recognition is a more effective manner of retrieval than recall, exhibiting greater accuracy and longevity of material. However, schemes such as these combine both the use of graphical images and the use of recognition as a retrieval mechanism. This paper reports on a study that sought to address this confound by exploring the recognition of text as a novel means of authentication. We hypothesized that there would be significant differences between text recognition and text recall conditions. Our study, however, showed that the conditions were comparable; we found no significant difference in memorability. Furthermore, text recognition required more time to authenticate successfully. Copyright is held by the author/owner.

Additional Metadata
Keywords Authentication, Graphical passwords, Usable security
Persistent URL dx.doi.org/10.1145/2335356.2335367
Conference 8th Symposium on Usable Privacy and Security, SOUPS 2012
Citation
Wright, N. (Nicholas), Patrick, A.S. (Andrew S.), & Biddle, R. (2012). Do you see your password? Applying recognition to textual passwords. Presented at the 8th Symposium on Usable Privacy and Security, SOUPS 2012. doi:10.1145/2335356.2335367