Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
9th USENIX Security Symposium Paper 2000    [Technical Index]

Pp. 45–58 of the Proceedings
Déjà Vu: A User Study Using Images for Authentication Check out the new USENIX Web site. next up previous
Next: Introduction

Déjà Vu: A User Study
Using Images for Authentication

Rachna Dhamija, rachna@sims.berkeley.edu

Adrian Perrig, perrig@cs.berkeley.edu

SIMS / CS, University of California Berkeley

Abstract:

Current secure systems suffer because they neglect the importance of human factors in security. We address a fundamental weakness of knowledge-based authentication schemes, which is the human limitation to remember secure passwords. Our approach to improve the security of these systems relies on recognition-based, rather than recall-based authentication. We examine the requirements of a recognition-based authentication system and propose Déjà Vu, which authenticates a user through her ability to recognize previously seen images. Déjà Vu is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs. Furthermore, it has the advantage that it prevents users from choosing weak passwords and makes it difficult to write down or share passwords with others.

We develop a prototype of Déjà Vu and conduct a user study that compares it to traditional password and PIN authentication. Our user study shows that 90% of all participants succeeded in the authentication tests using Déjà Vu while only about 70% succeeded using passwords and PINS. Our findings indicate that Déjà Vu has potential applications, especially where text input is hard (e.g., PDAs or ATMs), or in situations where passwords are infrequently used (e.g., web site passwords).
Keywords: Human factors in security, hash visualization, user authentication through image recognition, recognition-based authentication.




next up previous
Next: Introduction

Adrian Perrig
Thu Jun 15 15:16:10 PDT 2000

This paper was originally published in the Proceedings of the 9th USENIX Security Symposium, August 14-17, 2000, Denver, Colorado, USA
Last changed: 29 Jan. 2002 ml
Technical Program
Conference Index Home
USENIX home