Graphical passwords: a survey

The most common computer authentication method is to use alphanumerical usernames and passwords. This method has been shown to have significant drawbacks. For example, users tend to pick passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. To address this problem, some researchers have developed authentication methods that use pictures as passwords. In this paper, we conduct a comprehensive survey of the existing graphical password techniques. We classify these techniques into two categories: recognition-based and recall-based approaches. We discuss the strengths and limitations of each method and point out future research directions in this area. We also try to answer two important questions: "Are graphical passwords as secure as text-based passwords?" and "What are the major design and implementation issues for graphical passwords?" This survey will be useful for information security researchers and practitioners who are interested in finding an alternative to text-based authentication methods.
