ABSTRACT
Text passwords have been used in authentication systems for many decades. Users must recall the textual strings selected during registration to pass authentication. However, there are some serious problems with text passwords---recollection and security. Hence, various graphical-password authentication systems have been proposed to solve the problems of text passwords. Previous studies indicate that humans are better at recognizing and recalling images than texts. In 2005, Wiedenbeck et al. proposed PassPoints in which a password consists of a sequence of click-points (5 to 8) that a user chooses on an image. In the paper, we proposed an alternative system in which users can memorize fewer points while providing more security than PassPoints. Based on the idea of using an extremely large image as the password space, we propose a novel world map based graphical-password authentication system called PassMap in which a password consists of a sequence of 2 click-points that a user selects on an large world map. We also conducted a user study for evaluation. The result shows that the passwords of PassMap are easy to memorize for humans and PassMap is friendly to use in practice. Furthermore, PassMap provides higher entropy than PassPoints and also increases the cost of attacks.
- R. Biddle, S. Chiasson, and P. van Oorschot. Graphical passwords: Learning from the first twelve years. ACM Computing Surveys (to appear). School of Computer Science, Carleton University, 2010. Google ScholarDigital Library
- S. Chiasson, A. Forget, E. Stobert, P. Van Oorschot, and R. Biddle. Multiple password interference in text passwords and click-based graphical passwords. In Proceedings of the 16th ACM conference on Computer and communications security, pages 500--511. ACM, 2009. Google ScholarDigital Library
- I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin. The design and analysis of graphical passwords. In Proceedings of the 8th conference on USENIX Security Symposium-Volume 8, pages 1--1. USENIX Association, 1999. Google ScholarDigital Library
- D. Nelson, U. Reed, and J. Walling. Picture superiority effect. Journal of Experimental Psychology: Human Learning and Memory, 3: 485--497, 1977.Google ScholarCross Ref
- A. Perrig and D. Song. Hash visualization: A new technique to improve real-world security. In International Workshop on Cryptographic Techniques and E-Commerce, pages 131--138. Citeseer, 1999.Google Scholar
- X. Suo, Y. Zhu, and G. Owen. Graphical passwords: A survey. 2005.Google Scholar
- J. Thorpe and P. Van Oorschot. Towards secure design choices for implementing graphical passwords. 2004.Google Scholar
- S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon. Passpoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies, 63(1--2): 102--127, 2005. Google ScholarDigital Library
- S. Wiedenbeck, J. Waters, L. Sobrado, and J. Birget. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In Proceedings of the working conference on Advanced visual interfaces, pages 177--184. ACM, 2006. Google ScholarDigital Library
Index Terms
- PassMap: a map based graphical-password authentication system
Recommendations
Authentication using graphical passwords: effects of tolerance and image choice
SOUPS '05: Proceedings of the 2005 symposium on Usable privacy and securityGraphical passwords are an alternative to alphanumeric passwords in which users click on images to authenticate themselves rather than type alphanumeric strings. We have developed one such system, called PassPoints, and evaluated it with human users. ...
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords
SOUPS '06: Proceedings of the second symposium on Usable privacy and securityPrevious research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased ...
A Password Manager that Doesn't Remember Passwords
NSPW '14: Proceedings of the 2014 New Security Paradigms WorkshopThe problems with passwords are well-known: secure passwords are difficult to remember, users have too many passwords, and users have difficulty matching their passwords to accounts. Password managers and cued graphical passwords are two password ...
Comments