A Study on Priming Methods for Graphical Passwords

TL;DR

This study investigates priming methods using background image reveal techniques to improve the security of graphical passwords, finding they can enhance security without harming usability, depending on the specific image and priming method.

Contribution

It provides the first large-scale evaluation of priming effects on graphical password security and usability, highlighting their potential benefits and dependencies.

Findings

Priming techniques do not harm usability.

Priming can measurably improve password security.

Effectiveness depends on image and priming combination.

Abstract

Recent work suggests that a type of nudge or priming technique called the presentation effect may potentially improve the security of PassPoints-style graphical passwords. These nudges attempt to prime or non-intrusively bias user password choices (i.e., point selections) by gradually revealing a background image from a particular edge to another edge at password creation time. We conduct a large-scale user study (n=710) to develop further insights into the presence of this effect and to perform the first evaluations of its security impacts. We explore the usability impacts of this effect using the subset (n=100) of participants who returned for all three sessions. Our usability analyses indicate that these priming techniques do not harm usability. Our security analyses reveal that the priming techniques can measurably enhance the security of graphical passwords; however, this effect is dependent on the combination of both the image and priming techniques used.