User Study: Comparison of Picture Passwords and Current Login Approaches

TL;DR

The paper investigates whether picture-password authentication can outperform or complement regular passwords within a multi-factor authentication context by conducting a user study comparing three interface configurations (classic, theme, single) across 12–13 participants. Using a Linux-based lab setup and a NIST pic-pass–aligned interface, the study measures account creation and login performance, error rates, and user perceptions across multiple tasks, aiming to assess fatigue, security perception, and usability. Results show no statistically significant advantages for picture passwords over traditional passwords, largely due to data variability and outliers, though some trends emerge when outliers are removed. The work highlights challenges in task design and counterbalancing for this comparison and suggests longer-term, more tightly controlled studies to better determine the practical viability of picture-password authentication in MFA contexts.

Abstract

In this research, we conduct a user study that compares different computer/system authentication methods. More specifically, we look into comparing regular password authentication with picture authentication. Picture authentication means selecting a sequence of pictures from a set of pictures (30). We present users with both interfaces; various metrics are tracked while the participants conduct a variety of user authentication-related tasks. Other metrics include user perception of security with such technologies.

Figures (12)

• Figure 1: Study computer workstation.
• Figure 2: Example of regular password interface using.
• Figure 3: Example of picture password interface using dog and cats theme.
• Figure 4: Example of picture password interface using sea shore as single picture mode.
• Figure 5: Histogram of account creation time data, in seconds. Bucket size of 2s.