The Effectiveness of Security Images in Internet Banking

Internet banking websites often use security images as part of the login process, under the theory that they can help foil phishing attacks. Previous studies, however, have yielded inconsistent results about users´ ability to notice that a security image is missing. This article describes an online study of 482 users that attempts to clarify the extent to which users notice and react to the absence of security images. Most participants (73 percent) entered their password when the security image and caption were removed. The authors found that changing the appearance and other characteristics of the security image generally had little effect on whether users logged in when the security image was absent. Additionally, they subjected the passwords created by participants to a password-cracking algorithm and found that participants with stronger passwords were less likely (64.7 percent versus 80.1 percent) to enter their passwords when the security image was missing.