RouteMap: A Route and Map Based Graphical Password Scheme for Better Multiple Password Memory

Graphical passwords (GPs) are considered a promising replacement for traditional text-based passwords. Many GP schemes have been proposed in the literature, such as PassPoints, DAS, Cued Click Points and GeoPass. These schemes reported promising security and usability in their studies; however, we notice that they may suffer from the issue of multiple password memory. Our first user study identifies that this issue has indeed become a big challenge. In real-world applications, users usually have to remember and maintain more than one password across different scenarios, so it is essential to develop a GP scheme that better addresses this issue. In this paper, we focus on map-based GPs and propose RouteMap, a scheme for better multiple password memory that allows users to draw a route on a map as their secret. In our second user study with 60 participants, we found that users achieve better performance with RouteMap in terms of multiple password memory than with two similar schemes. Our effort attempts to complement existing studies and stimulate more research on this issue.
