Graphical passwords are an alternative form of authentication that use images for login, and leverage the picture superiority effct for good usability and memorability. Categories of graphical passwords have been distinguished on the basis of different kinds of memory retrieval (recall, cued-recall, and recognition). Psychological research suggests that leveraging recognition memory should be best, but this remains an open question in the password literature. This paper examines how different kinds of memory retrieval affect the memorability and usability of random assigned graphical passwords. A series of five studies of graphical and text passwords showed that participants were able to better remember recognition-based graphical passwords, but their usability was limited by slow login times. A graphical password scheme that leveraged recognition and recall memory was most successful at combining memorability and usability.

Additional Metadata
Keywords Authentication, Graphical passwords, Human memory, Usable security
Persistent URL dx.doi.org/10.1145/2501604.2501619
Conference 9th Symposium on Usable Privacy and Security, SOUPS 2013
Citation
Stobert, E. (Elizabeth), & Biddle, R. (2013). Memory retrieval and graphical passwords. Presented at the 9th Symposium on Usable Privacy and Security, SOUPS 2013. doi:10.1145/2501604.2501619