This work, and in particular our investigation of the Face scheme, was motivated in part by scientific literature in psychology and perception. Two results documented in the psychological literature that motivated our study are:

To the best of our knowledge, there has been no prior study structured
to quantify the influence of the various factors that we evaluate
here, including those above, on user choice of graphical
passwords, particularly with respect to security. However, prior
reports on graphical passwords have suggested the possibility of bias,
or anecdotally noted apparent bias, in the selection or recognition of
passwords. For example, a document [24] published by
the corporation that markets Passfaces makes reference to the
race-effect, though it stops short of indicating any effect it might have
on password choice. In a study of twenty users of a graphical
password system much like the Story scheme, except in which the
password is a set of images as opposed to a sequence, several users
reported that they did not select photographs of people because
they did not feel they could relate personally to the
image [4]. The same study also observed two instances in
which users selected photographs of people of the same race as
themselves, leading to a conjecture that this could play a role in
password selection.

The Face scheme we consider here, and minor variants, have been the
topic of several user studies focused on evaluating memorability
(e.g., [34,27,28,3]). These studies generally support
the hypothesis that the Face scheme and variants thereof offer better
memorability than text passwords. For instance, in [3], the
authors report results of a three-month trial investigation with 34
students that shows that fewer login errors were made when using
Passfaces (compared to textual passwords), even given significant
periods of inactivity between logins.

Other studies, e.g., [34,4], have explored memorability of other types of graphical passwords. We emphasize, however, that memorability is a secondary consideration for our purposes. Our primary goal is to quantify the effect of user choice on the security of passwords chosen.