Cross Cutting Thrusts: Usable Privacy and Security
Scope: Use Your Illusion (UYI) is a recognition-based graphical authentication scheme we have developed, where users select their images from a set of images to log in. The key idea to UYI is to visually distort the images, making it hard for attackers to make educated guess attacks while still making it possible for users to recognize their authentication tokens.
Outcomes: We have built prototypes of Use Your Illusion, and have conducted a series of studies evaluating the memorability and security of the scheme. Our early experiments focused on what level of visual distortion should be used, as well as the memorability of distorted images. Our later experiments focused on understanding the security of UYI against educated guess attacks. We had friends of participants try to guess a user’s authentication tokens, and found that attackers were not better than random chance probabilities.