Website login security – memorable image

Recently I have seen a few websites that ask the user to choose an image, from a selection, that will show up when the user logs in to their account. The purpose being that this will add an extra level of security by allowing the user to confirm that they have, or are logging into the right site, and not that of a clone.

In theory, its a good idea, but in practice, not so much.

Screen Shot 2014-05-06 at 19.45.54

The problem

The user may not have any affinity with the images that they are being asked to choose from. Using the example above, the user might not be interested in basketball, quad biking or water sports. They will then make a random selection, that they may not remember, or recognise when they try to log into the site again.

Suggested solution

Allow the user to upload their own image. This will guarantee that the user will recognise the image being presented on login. Creating the trust that this verification method is aiming to create.