ABSTRACT

User verification is a crucial component of secure systems that provide access to valuable information or offer personalised services. You cannot withdraw money at an ATM (Automated Teller Machine), log in to your computer, or place a call on your mobile phone without remembering a sequence of numbers or letters. Despite their wide diffusion, Personal Identification Numbers (PINs) and passwords have a number of well-known deficiencies, reflecting a difficult compromise between security and memorability (Adams and Sasse, 1999). Secure codes are randomly selected alphanumeric strings that are as long as the system allows, but humans struggle to remember meaningless strings. Thus, people choose passwords that are related to their everyday life and are often lax about the security of this information, writing it down or deliberately sharing it.