Soumyadeb Chowdhury

A Comprehensive Study of the Usability of Multiple Graphical Passwords

Recognition-based graphical authentication systems (RBGSs) using images as passwords have been proposed as one potential solution to the need for more usable authentication. The rapid increase in the technologies requiring user authentication has increased the number of passwords that users have to remember. But nearly all prior work with RBGSs has studied the usability of a single password. In this paper, we present the first published comparison of the usability of multiple graphical passwords with four different image types: Mikon, doodle, art and everyday objects (food, buildings, sports etc.). A longitudinal experiment was performed with 100 participants over a period of 8 weeks, to examine the usability performance of each of the image types. The results of the study demonstrate that object images are most usable in the sense of being more memorable and less time-consuming to employ, Mikon images are close behind but doodle and art images are significantly inferior. The results of our study complement cognitive literature on the picture superiority effect, visual search process and nameability of visually complex images.

Passhint: memorable and secure authentication

People find it difficult to remember multiple alphanumeric as well as graphical passwords. We propose a Passhint authentication system (PHAS), where the users have to choose four images and create hints for each one of them in order to register a new password. During authentication, they have to recognize only the target images, which are displayed with their corresponding hints, among collections of 15 decoy images, in a four step process. A usability study was conducted with 40 subjects. They created 1 Mikon, 1 doodle, 1 art and 1 object password and then recalled each password after a period of two weeks (without any practice sessions). The results demonstrated that the memorability of multiple passwords in PHAS is better than in existing Graphical authentication systems (GASs). Although the registration time is high, authentication time for successful attempts is either equivalent to or less than the time reported for previous GASs. A guessability study conducted with the same subjects revealed that art passwords are the least guessable, followed by Mikon, doodle and objects in that order. The results strongly suggest the use of art passwords in PHAS, which would offer usable as well as secure authentication. The preliminary results indicate that PHAS has solved the memorability problem with multiple passwords. We propose two new features that could enhance the security offered by PHAS, but the usability of these features would need to be tested before they could be adopted in practice.

My Day in Review: Visually Summarising Noisy Lifelog Data

Lifelogging devices, which seamlessly gather various data about a user as they go about their daily life, have resulted in users amassing large collections of noisy photographs (e.g. visual duplicates, image blur), which are difficult to navigate, especially if they want to review their day in photographs. Social media websites, such as Facebook, have faced a similar information overload problem for which a number of summarization methods have been proposed (e.g. news story clustering, comment ranking etc.). In particular, Facebooks Year in Review received much user interest where the objective for the model was to identify key moments in a users year, offering an automatic visual summary based on their uploaded content. In this paper, we follow this notion by automatically creating a review of a users day using lifelogging images. Specifically, we address the quality issues faced by the photographs taken on lifelogging devices and attempt to create visual summaries by promoting visual and temporal-spatial diversity in the top ranks. Conducting two crowdsourced evaluations based on 9k images, we show the merits of combining time, location and visual appearance for summarization purposes.

Analysing privacy in visual lifelogging

The visual lifelogging activity enables a user, the lifelogger, to passively capture images from a first-person perspective and ultimately create a visual diary encoding every possible aspect of her life with unprecedented details. In recent years, it has gained popularities among different groups of users. However, the possibility of ubiquitous presence of lifelogging devices specifically in private spheres has raised serious concerns with respect to personal privacy. In this article, we have presented a thorough discussion of privacy with respect to visual lifelogging. We have re-adjusted the existing definition of lifelogging to reflect different aspects of privacy and introduced a first-ever privacy threat model identifying several threats with respect to visual lifelogging. We have also shown how the existing privacy guidelines and approaches are inadequate to mitigate the identified threats. Finally, we have outlined a set of requirements and guidelines that can be used to mitigate the identified threats while designing and developing a privacy-preserving framework for visual lifelogging.

Privacy threat model in lifelogging

The lifelogging activity enables a user, the lifelogger, to passively capture multimodal records from a first-person perspective and ultimately create a visual diary encompassing every possible aspect of her life with unprecedented details. In recent years it has gained popularity among different groups of users. However, the possibility of ubiquitous presence of lifelogging devices especially in private spheres has raised serious concerns with respect to personal privacy. Different practitioners and active researchers in the field of lifelogging have analysed the issue of privacy in lifelogging and proposed different mitigation strategies. However, none of the existing works has considered a well-defined privacy threat model in the domain of lifelogging. Without a proper threat model, any analysis and discussion of privacy threats in lifelogging remains incomplete. In this paper we aim to fill in this gap by introducing a first-ever privacy threat model identifying several threats with respect to lifelogging. We believe that the introduced threat model will be an essential tool and will act as the basis for any further research within this domain.

Exploring lifelog sharing and privacy

The emphasis on exhaustive passive capturing of images using wearable cameras like Autographer, which is often known as lifelogging has brought into foreground the challenge of preserving privacy, in addition to presenting the vast amount of images in a meaningful way. In this paper, we present a user-study to understand the importance of an array of factors that are likely to influence the lifeloggers to share their lifelog images in their online circle. The findings are a step forward in the emerging area intersecting HCI, and privacy, to help in exploring design directions for privacy mediating techniques in lifelogging applications.

A user-study examining visualization of lifelogs

With continuous advances in the pervasive sensing and lifelogging technologies for the quantified self, users now can record their daily life activities automatically and seamlessly. In the existing lifelogging research, visualization techniques for presenting the lifelogs and evaluating the effectiveness of such techniques from a lifeloggers perspective has not been adequately studied. In this paper, we investigate the effectiveness of four distinct visualization techniques for exploring the lifelogs, which were collected by 22 lifeloggers who volunteered to use a wearable camera and a GPS device simultaneously, for a period of 3 days. Based on a user study with these 22 lifeloggers, which required them to browse through their personal lifelogs, we seek to identify the most effective visualization technique. Our results suggest various ways to augment and improve the visualization of personal lifelogs to enrich the quality of user experience and making lifelogging tools more engaging. We also propose a new visualization feature-drill-down approach with details-on-demand, to make the lifelogging visualization process more meaningful and informative to the lifeloggers.

Understanding lifelog sharing preferences of lifeloggers

The lifelogging activity enables users, the lifeloggers, to passively capture images using wearable cameras from a first person perspective and ultimately create a visual diary encoding every possible aspect of their life with unprecedented details. This growing phenomenon, has posed several privacy concerns for the lifeloggers (people wearing the device), and bystanders (any person who is captured in the images). In this paper, we present a user- study to understand the sharing preferences of the lifeloggers for the images captured in difference scenarios with different audience groups. Our findings motivate the need to design privacy preserving techniques, which will automatically recommend sharing decisions which will help the lifeloggers avoid misclosure, i.e. wrongly sharing a sensitive image with one or more sharing groups.

Do Graphical Authentication Systems Solve the Password Memorability Problem

Passwords are the most common form of authentication. The password memorability problem is magnified with increasing number of systems users have to access. Graphical authentication systems (GASs) have received significant attention as one potential alternative to alphanumeric passwords to provide more usable authentication. In this paper we review all the existing work which had explored the memorability of multiple graphical passwords. The review reveals that human memory capabilities should not be overestimated and the password memorability problem remains unsolved, even when graphical passwords are employed. Hence we propose a novel graphical authentication system with certain new security features which could solve the problem. This paper will be of interest to Human Computer Interaction-Security researchers investigating approaches to usable and secure authentication techniques.

A study of mnemonic image passwords

Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a usability study with 80 subjects, who were required to create four graphical passwords, each using a mnemonic strategy and recall them every week, for a period of four weeks. The results demonstrated that the memorability of the image passwords created using a mnemonic strategy do not improve even when compared to the existing multiple password studies. Hence remembering multiple image passwords using mnemonic strategies is a mentally demanding task. A guessability study was conducted with 70 participants to examine the vulnerability of image passwords to written descriptions. The analysis of the descriptions revealed that most passwords created in the usability study were described by the account holders using annotated/ non annotated sketch of the target images making up a password. This made all the passwords highly guessable. Based on our results we propose a hint-based authentication system, which can improve the memorability of graphical passwords and also provide adequate security. But the usability as well as security of the proposed system needs to be tested before it could be adopted in practice.