A hybrid recognition and recall based approach in graphical passwords

Graphical password authentication was developed based on the premise that humans are better at recognizing visual data than text-based information. Most recognition-based graphical password algorithms (e.g. Passface) possess adequate usability features but are prone to password guessing and shoulder-surfing attacks. Recall-based algorithms, on the other hand, offer fewer usability features but provide a set of strong security features for authentication. The algorithm proposed in this research integrates the usability attributes of the recognition-based Passface algorithm with the security features of a recognition-based algorithm (i.e. WIW (Man et al. 2003)) and the recall-based Passpoint algorithm to overcome the drawbacks of existing designs. The security of the proposed algorithm was evaluated by carrying out shoulder-surfing and password guessing attacks. Usability features, such as how simple the password is to learn, memorize and remember, were evaluated by measuring the number of forgotten and mistyped passwords and the login time for each individual user. A questionnaire was also designed and distributed to test subjects to gather feedback on several usability aspects of the proposed algorithm. The results of the security test and survey illustrate that the proposed algorithm has strong security measures against shoulder surfing and password guessing.

[1] Dawei Hong, et al. A Shoulder-Surfing Resistant Graphical Password Scheme - WIW, 2003, Security and Management.

[2] N. Ithnin, et al. Graphical Password: Prototype Usability Survey, 2008, 2008 International Conference on Advanced Computer Theory and Engineering.

[3] Eiji Okamoto, et al. A User Identification System Using Signature Written with Mouse, 1998, ACISP.

[4] Ali Mohamed Eljetlawi, et al. Graphical Password: Comprehensive Study of the Usability Features of the Recognition Base Graphical Password Methods, 2008, 2008 Third International Conference on Convergence and Hybrid Information Technology.

[5] M. Angela Sasse, et al. Are Passfaces More Usable Than Passwords? A Field Trial Investigation, 2000, BCS HCI.

[6] Arash Habibi Lashkari, et al. A Wide range Survey on Recall Based Graphical User Authentications Algorithms Based on ISO and Attack Patterns, 2010, ArXiv.

[7] Michael K. Reiter, et al. On User Choice in Graphical Password Schemes, 2004, USENIX Security Symposium.

[8] Patrick Olivier, et al. Graphical passwords & qualitative spatial relations, 2007, SOUPS '07.

[9] Nasir D. Memon, et al. Robust discretization, with an application to graphical passwords, 2003, IACR Cryptol. ePrint Arch.

[10] Michael K. Reiter, et al. The Design and Analysis of Graphical Passwords, 1999, USENIX Security Symposium.

[11] Vibha Sazawal, et al. Doodling our way to better authentication, 2002, CHI Extended Abstracts.

[12] Ali Mohamed Eljetlawi, et al. STUDY AND DEVELOP A NEW GRAPHICAL PASSWORD SYSTEM, 2008.

[13] Uwe Aickelin, et al. A New Graphical Password Scheme Resistant to Shoulder-Surfing, 2010, 2010 International Conference on Cyberworlds.

[14] Ali Mohamed Eljetlawi, et al. Graphical password: Existing recognition base graphical password usability, 2010, INC2010: 6th International Conference on Networked Computing.

[15] Dugald Ralph Hutchings, et al. Order and entropy in picture passwords, 2008, Graphics Interface.

[16] Antonella De Angeli, et al. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems, 2005, Int. J. Hum. Comput. Stud.

[17] Ying Zhu, et al. The Impact of Image Choices on the Usability and Security of Click Based Graphical Passwords, 2009, ISVC.

[18] Maslin Masrom, et al. A Survey on Recognition Based Graphical User Authentication Algorithms, 2009, ArXiv.

[19] Arash Habibi Lashkari, et al. A new algorithm on Graphical User Authentication (GUA) based on multi-line grids, 2010.

[20] Adrian Perrig, et al. Déjà Vu: A User Study Using Images for Authentication, 2000.