David Lu, Taehoon Lee, Sauvik Das, and Jason Hong
Symposium On Usable Privacy and Security (SOUPS)
June 2016
Inspired by people’s strong memory for visual-spatial paths (e.g., commuting paths), we present in this paper an introductory exploration of the use of these paths for memorable, strong mobile authentication. In a preliminary study, we evaluated several low-fidelity representations for encoding relatively strong (~20-bit) secrets as visual-spatial paths: a 2D bird’s-eye view, a 3D third-person view, and a 3D immersed view. We found that the 3D immersed view worked best for memorability, and used this initial study to inspire the design for a novel mobile authentication application: the Memory Palace. We ran a within-subjects experiment to evaluate our Memory Palace authentication concept against Android’s 9-dot Patternlock along two dimensions: memorability and resilience to shoulder surfing. Results from our experiment suggest that people have significantly higher memorability for visual-spatial secrets encoded in the Memory Palace, which were also significantly more resilient against shoulder surfing. We conclude with directions for further work: specifically, creating sharable paths for more socially compatible authentication and segmenting secret paths for simple, non-binary access control.