the cups blog


Use Your Illusion: Secure Authentication Usable Anywhere

Eiji Hayashi

Nicolas Christin

Rachna Dhamija

Adrian Perrig

Graphical Authentication

  • Passfaces – Faces are used as the graphical portfolio
  • Pass Points – Use “a sequence of clicks” as a shared secret
  • DAS (Draw-A-Secret) –
  • Deja vu

Graphical Portfolio

  • If the user chooses the portfolio, it is easy to remember
  • If it’s random, users have difficulty remembering the pictures

Use Your Illusion

  1. Allow users to take/choose picture by themselves
  2. Distort pictures
  3. Assign the distorted pictures as graphical portfolio

Requirement for Distortion

  • One-way
  • Discarding precise shapes and colors
  • Preserving rough shapes and colors

Oil Paintings are used

Distortion level

  • If high, difficult to guess, but difficult to memorize
  • If low, easy to memorize, but easy to guess
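The distortion requirements and the distortion-level trade-off above, as an added sketch that is not the authors' implementation: a simplified oil-paint-style filter on a small grayscale grid, assuming the filter replaces each pixel with the dominant intensity band of its neighbourhood. The function names, the `radius` and `levels` parameters and the sample images are constructed for illustration.

```python
# Added illustration (not the authors' code): simplified oil-paint-style filter.
def oil_paint(img, radius, levels=4):
    """Each pixel becomes the mean of the dominant intensity band in its
    (2*radius+1)^2 neighbourhood; radius plays the role of distortion level."""
    h, w = len(img), len(img[0])
    out = [[0] * w for _ in range(h)]
    for y in range(h):
        for x in range(w):
            bands = {}  # band index -> pixel values falling in that band
            for ny in range(max(0, y - radius), min(h, y + radius + 1)):
                for nx in range(max(0, x - radius), min(w, x + radius + 1)):
                    v = img[ny][nx]
                    bands.setdefault(v * levels // 256, []).append(v)
            winner = max(bands.values(), key=len)  # ties: first band seen
            out[y][x] = sum(winner) // len(winner)
    return out

def two_tone(speckle=None, size=8):
    """Constructed sample: dark left half, bright right half, and an
    optional one-pixel detail standing in for a precise shape."""
    img = [[40 if x < size // 2 else 200 for x in range(size)]
           for _ in range(size)]
    if speckle:
        img[speckle[0]][speckle[1]] = 250
    return img

def with_blob(size=9):
    """Constructed sample: dark background with a 3x3 bright feature."""
    img = [[40] * size for _ in range(size)]
    for y in range(3, 6):
        for x in range(3, 6):
            img[y][x] = 200
    return img

def demo():
    a, b = two_tone(speckle=(1, 1)), two_tone(speckle=(5, 1))
    blob = with_blob()
    return {
        "originals_differ": a != b,
        # Many-to-one: the distorted image cannot say which original it was.
        "distorted_identical": oil_paint(a, 1) == oil_paint(b, 1),
        # Rough shape survives: still dark on the left, bright on the right.
        "rough_shape_kept": oil_paint(a, 1) == two_tone(),
        # Distortion level: the 3x3 feature survives radius 1, not radius 2.
        "blob_centre_low": oil_paint(blob, 1)[4][4],
        "blob_centre_high": oil_paint(blob, 2)[4][4],
    }

if __name__ == "__main__":
    print(demo())
```

Two different originals collapsing to one distorted image is what makes the transform one-way, and the larger radius erasing the 3x3 feature is the "high distortion" end of the trade-off.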

Low Fidelity Test – Show the most distorted image, then ask the user to guess the image. If the user does not know, continue showing less distorted images.

Also ask the user at which point (which distorted image) he can no longer recognize that the image is a dog.


  • Implemented on Nokia’s cell-phone
  • Also on the web

1st Usability Test

  • 45 participants were divided into 3 groups
  • Self-selected, non-distorted – Mean was around 20 sec
  • Self-selected, distorted – 20 sec
  • Imposed, highly distorted – 70 sec

Process of Memorization

  • Participants assign meanings to distorted images
  • Assigning meanings helps memorization

2nd test

  • 54 participants were divided into 3 groups
  • self-selected, non-distorted
  • self-selected, distorted
  • imposed, distorted

Future Work

  • Detailed usability test
  • long term test
  • find an optimal distortion
  • investigate a metric evaluating distortion level

Assigning meaning helps memorization