A method performed by an authentication processor for authenticating an unknown user claiming to be a legitimate user. The method includes comparing a legitimate user response metric to an unknown user response metric and one of preventing access to the computer system and decreasing a level of access to the computer system when the unknown user response metric differs from the legitimate user response metric by more than a predefined degree of acceptable variation. The legitimate user response metric represents observed changes in micro-behaviors of the legitimate user in response to viewing a plurality of prime images. The unknown user response metric represents observed changes in micro-behaviors of the unknown user in response to viewing the plurality of prime images.
