A Pilot Study of Multiple Password Interference Between Text and Map-Based Passwords

Today’s computer users have to remember several passwords for each of their accounts. People may have difficulty remembering multiple passwords, which results in weak password selection. Previous studies have shown that recall success rates are not statistically dissimilar between textual passwords and graphical passwords. With the advent of map-based graphical passwords, this paper focuses on multiple password interference and presents a pilot study of 60 participants that examines the recall of multiple passwords for text passwords and map-based passwords under various account scenarios. Each participant has to create six distinct passwords for different account scenarios. It is found that participants in the map-based graphical password scheme could perform better than those in the textual password scheme in both short-term (one-hour session) and long-term (after two weeks) password memorability tests (i.e., they achieved higher success rates). Our effort attempts to complement existing studies and stimulate more research on this issue.
