Abstract

Text-based password systems are the authentication mechanism most commonly used on computer systems. Graphical passwords have recently been proposed because the pictorial-superiority effect suggests that people have better memory for images. The most widely advocated graphical password systems are based on recognition rather than recall. This approach is favored because recognition is a more effective manner of retrieval than recall, exhibiting greater accuracy and longevity of material. However, schemes such as these combine both the use of graphical images and the use of recognition as a retrieval mechanism. This paper reports on a study that sought to address this confound by exploring the recognition of text as a novel means of authentication. We hypothesized that there would be significant differences between text recognition and text recall conditions. Our study, however, showed that the conditions were comparable; we found no significant difference in memorability. Furthermore, text recognition required more time to authenticate successfully.