ABSTRACT
We present a Rapid, Serial, Visual Presentation method (RSVP) for recognition-based graphical authentication. It presents a stream of rapid, degraded images, which makes the object recognition process difficult for casual attackers. Three studies investigated success rates for authenticating, RSVP’s resistance to over-the-shoulder attacks (OSAs), approaches for facilitating learnability, and effects of resetting a passcode. We found that participants could successfully authenticate and could not complete OSAs. Learnability was promoted by the presentation of degraded versions of the images during the memorization phase. When a passcode was reset, participants successfully retrained themselves even when the previous passcode was recycled as distractors.
Additional information
Notes on contributors
Ashley A Cain
Ashley Cain is a Human Factors PhD student at Old Dominion University, where her research focuses on the human side of cyber security, specifically authentication. She completed her master’s degree at San Jose State University where she also studied human factors and cyber security.
Jeremiah D Still
Jeremiah Still earned his Ph.D. in Human-Computer Interaction from Iowa State University. He is an Assistant Professor of Psychology at Old Dominion University. His Psychology of Design (PoD) laboratory explores the relationship between human cognition and technology; specifically, he is focusing on: visual attention, usable cybersecurity, and intuitive design.