Abstract - Security Symposium - 2000
Déjà Vu: A User Study Using Images for Authentication
Rachna Dhamija and Adrian Perrig, University of California, Berkeley
Current secure systems suffer because they neglect the importance of
human factors in security. We address a fundamental weakness of
knowledge-based authentication schemes: the limited human ability to
remember secure passwords. Our approach to improving the security of these
systems relies on recognition-based, rather than
recall-based, authentication. We examine the requirements of a
recognition-based authentication system and propose Déjà Vu, which authenticates
a user through her ability to recognize previously seen images. Déjà Vu is more
reliable and easier to use than traditional recall-based schemes, which
require the user to precisely recall passwords or PINs. Furthermore, it has
the advantage that it prevents users from choosing weak passwords and makes it
difficult to write down or share passwords with others.
We develop a prototype of Déjà Vu and conduct a user study that compares it to
traditional password and PIN authentication. Our user study shows that 90% of
all participants succeeded in the authentication tests using Déjà Vu while only
about 70% succeeded using passwords and PINs. Our findings indicate that
Déjà Vu has potential applications, especially where text input is hard (e.g.,
PDAs or ATMs), or in situations where passwords are infrequently used (e.g., web site passwords).
Keywords: Human factors in security, hash visualization,
user authentication through image recognition, recognition-based authentication.