This Article 
 Bibliographic References 
 Add to: 
Photographic Authentication through Untrusted Terminals
January-March 2003 (vol. 2 no. 1)
pp. 30-36
Trevor Pering, Intel Research
Murali Sundar, Intel Research
John Light, Intel Research
Roy Want, Intel Research

Photographic authentication is a technique for logging into untrusted public Internet access terminals. It leverages a person?s ability to recognize personal photographs by asking users to identify their own personal photographs from a set of randomized images. By changing the specific images shown on each login attempt, this technique is resilient to replay attacks, which are when an "overheard" login sequence is replayed verbatim to unscrupulously gain access to a system. A prototype implementation and corresponding user-tests show that not only are participants extremely adept at quickly and accurately recognizing their own photographs, but attackers can?t reliably determine which photographs are "correct" even when given samples of a user's photographs.

Index Terms:
Insecure authentication, digital photography, graphical passwords, public terminals
Trevor Pering, Murali Sundar, John Light, Roy Want, "Photographic Authentication through Untrusted Terminals," IEEE Pervasive Computing, vol. 2, no. 1, pp. 30-36, Jan.-March 2003, doi:10.1109/MPRV.2003.1186723
Usage of this product signifies your acceptance of the Terms of Use.