Visual Secrets: a human security primitive


This article presents and evaluates an idea for a non-transferable secret that can be used for security verification. This new type of security primitive relies on the pre-semantic treatment of images in the human brain. We show that users who are shown an image for a limited time can find it again when it is shown among a larger set. Despite their ability to recognise their image, they cannot reliably communicate to someone else exactly how to do so. As the secret is embedded in the very act of recognition, it cannot be shared by the user — whether voluntarily or through coercion. We report on the initial results of a usability study on 151 subjects which showed that subjects can recognise their image shown among 20 similar images with an accuracy of 79% to 86%, compared with an expected baseline of 5%. Despite their recognisability, the ‘secret’ images were hard to describe in unambiguous ways: no assessor managed to accurately identify the images from the description given by the subjects.