<p>An apparatus lets a user to determine a pool of images and then forms from the pool of images a set of images for user authentication and divides the set of images into two mutually exclusive subsets: a key image subset comprising images referred to as key images and a decoy image subset comprising images referred to as decoy images. The apparatus displays the key images to the user to teach the key images to the user. Then, to authenticate the user, the apparatus produces an assortment of decoy images and key images, and displays the assortment to the user. The apparatus receives from the user identification of images held as key images and verifies whether the identification of key images matched with the key images selected by the processor.</p>