<XML><RECORDS><RECORD><REFERENCE_TYPE>3</REFERENCE_TYPE><REFNUM>8896</REFNUM><AUTHORS><AUTHOR>Renaud,K.V.</AUTHOR><AUTHOR>McBryan,T.</AUTHOR><AUTHOR>Siebert,J.P.</AUTHOR></AUTHORS><YEAR>2008</YEAR><TITLE>Password cueing with cue(ink)blots</TITLE><PLACE_PUBLISHED>IADIS Computer Graphics and Visualization 2008, Amsterdam, Netherlands</PLACE_PUBLISHED><PUBLISHER>N/A</PUBLISHER><LABEL>Renaud:2008:8896</LABEL><KEYWORDS><KEYWORD>Authentication</KEYWORD></KEYWORDS<ABSTRACT>People forget passwords daily, and this leads to frustration and potential loss of revenue commercially. Mechanisms for proving identity in the face of forgotten passwords are mostly unsatisfactory. because they are so insecure. The problem is that it is di?cult to handle password replacements e?ciently. One of two people could be requesting the replacement: the legitimate user or a potential intruder. Unfortunately, the system doesn’t have any way of knowing which it is. Some systems make an e?ort to confirm identity by using one or more challenge questions. The user provides the answers to these questions at enrolment, and the rationale is that if the requestor can provide the same answer later, it must be the same user. Of course this assumption is ?awed because the answers could be discovered or known by an intruder. An alternative to challenge questions, explored in this paper, is the use of an abstract image to elicit a textual description. This description could be used as the password, or as an alternative to the challenge questions.</ABSTRACT></RECORD></RECORDS></XML>