Abstract
Despite their widespread usage, text-based passwords are vulnerable to password cracking as users tend to choose weak passwords. This is mainly because the more secure a password is, the harder it is for a user to remember it. As a promising alternative, various graphical password systems, which take advantage of the fact that humans are more sensitive to visual information than verbal text, have been proposed over the past decade. However, graphical passwords come with their own vulnerabilities, such as high susceptibility to shoulder surfing and hotspots. In this paper, we develop a new cued-recall graphical password system called GridMap by exploring (1) the use of grids with variable input entered through the keyboard, and (2) the use of geopolitical maps as background images. As a result, GridMap is able to achieve a large keyspace and resistance to shoulder surfing attacks. To validate the efficacy of GridMap in practice, we conduct a user study with 50 participants. Our experimental results show that GridMap works well in domains in which a user logs in on a regular basis, and provides a memorability benefit if the chosen map has personal significance to the user.
Copyright information
© 2015 Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Van Balen, N., Wang, H. (2015). GridMap: Enhanced Security in Cued-Recall Graphical Passwords. In: Tian, J., Jing, J., Srivatsa, M. (eds) International Conference on Security and Privacy in Communication Networks. SecureComm 2014. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 152. Springer, Cham. https://doi.org/10.1007/978-3-319-23829-6_6
DOI: https://doi.org/10.1007/978-3-319-23829-6_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23828-9
Online ISBN: 978-3-319-23829-6
eBook Packages: Computer Science (R0)