Our confidential information (e.g., emails and documents), private life (e.g., smart home services), and even finances (e.g., online banking) are all protected by passwords. Selecting a secure password is not easy;
it is essential to select a relatively complex password which is hard for others and automated programs to guess, but still easy for us to remember. These two security and memorability goals seem to be in conflict at first glance, rendering password decision making tedious and difficult for us. This has motivated us to develop and analyze novel authentication systems which
support users in deciding on secure yet memorable passwords.
We have studied users’ graphical password decision processes by visual attention models for capturing how humans cognitively process images. We developed artificial intelligence techniques for security assessment of a special type of graphical passwords, called Passpoints. The AI techniques include combining visual attention models with image processing and vision methods for prioritizing passwords’ components given how humans process visual scenes and choose passwords. We also designed an efficient combinatorial algorithm for analyzing the guessability of passwords. The prior work for assessment of such passwords requires collection of passwords from a small group of users to guess others’ passwords; however, our work enables purely automated assessment of Passpoints without any human intervention. The AI techniques also shed light on how users choose insecure passwords, and ways to improve the security of these systems.
Recently, we have designed novel authentication systems which empower the natural strengths of human memory (e.g., by using rich semantic or visual cues such as videos, and digital maps). Our authentication system involving digital maps, besides its comparable security to text passwords, has remarkably high memorability: $97\%$ of passwords are remembered after one week. Our US-patented video authentication system has (theoretically) higher security than text passwords and is an influential venue for advertising. Our research has also explored unconsciously influencing users’ password choices by priming, which has potential to induce more secure passwords and can replace intrusive password policies with unwanted memorability side effects.