Authenticating a user operating an un-trusted access device includes causing the display, on the un-trusted access device, of a plurality of photographs to the user, at least one of the photographs being from the user's personal photograph collection and already familiar to the user, remaining photographs being decoy photographs, accepting an input selection from the user identifying one of the displayed photographs, and allowing access when the user's selection correctly identifies a sequence of displayed photographs from the user's photograph collection. No user training prior to using the authentication system is needed and no pre-selection of a password or photograph is necessary.