Refining the test phase of usability evaluation: how many subjects is enough?
Human Factors - Special issue: measurement in human factors
CHI '92 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Usability inspection methods
High dictionary compression for proactive password checking
ACM Transactions on Information and System Security (TISSEC)
Password security: a case history
Communications of the ACM
Doodling our way to better authentication
CHI '02 Extended Abstracts on Human Factors in Computing Systems
Usability Engineering
The Art of Deception: Controlling the Human Element of Security
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
Testing web sites: five users is nowhere near enough
CHI '01 Extended Abstracts on Human Factors in Computing Systems
Photographic Authentication through Untrusted Terminals
IEEE Pervasive Computing
Making Passwords Secure and Usable
HCI 97 Proceedings of HCI on People and Computers XII
UNIX Password Security - Ten Years Later
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
Authentication using graphical passwords: effects of tolerance and image choice
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
PassPoints: design and longitudinal evaluation of a graphical password system
International Journal of Human-Computer Studies - Special issue: HCI research in privacy and security is critical now
International Journal of Human-Computer Studies - Special issue: HCI research in privacy and security is critical now
Fast dictionary attacks on passwords using time-space tradeoff
Proceedings of the 12th ACM conference on Computer and communications security
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Cognitive Authentication Schemes Safe Against Spyware (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Design and evaluation of a shoulder-surfing resistant graphical password scheme
Proceedings of the working conference on Advanced visual interfaces
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Dictionary attacks using keyboard acoustic emanations
Proceedings of the 13th ACM conference on Computer and communications security
Pictures at the ATM: exploring the usability of multiple graphical passwords
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A large-scale study of web password habits
Proceedings of the 16th international conference on World Wide Web
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Graphical dictionaries and the memorable space of graphical passwords
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
On user choice in graphical password schemes
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Stronger password authentication using browser extensions
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Profiling Attacker Behavior Following SSH Compromises
DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Cryptanalysis of a Cognitive Authentication Scheme (Extended Abstract)
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Improving password security and memorability to protect personal and organizational information
International Journal of Human-Computer Studies
A usability study and critique of two password managers
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A second look at the usability of click-based graphical passwords
Proceedings of the 3rd symposium on Usable privacy and security
Modeling user choice in the PassPoints graphical password scheme
Proceedings of the 3rd symposium on Usable privacy and security
On predictive models and user-drawn graphical passwords
ACM Transactions on Information and System Security (TISSEC)
Do background images improve "draw a secret" graphical passwords?
Proceedings of the 14th ACM conference on Computer and communications security
Password management using doodles
Proceedings of the 9th international conference on Multimodal interfaces
Crowdsourcing user studies with Mechanical Turk
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Human-seeded attacks and exploiting hot-spots in graphical passwords
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
AMS '08 Proceedings of the 2008 Second Asia International Conference on Modelling & Simulation (AMS)
Order and entropy in picture passwords
GI '08 Proceedings of graphics interface 2008
Centered discretization with application to graphical passwords (full paper)
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Compromising Reflections-or-How to Read LCD Monitors around the Corner
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Securing passfaces for description
Proceedings of the 4th symposium on Usable privacy and security
Use Your Illusion: secure authentication usable anywhere
Proceedings of the 4th symposium on Usable privacy and security
On the predictability and security of user choice in passwords
Click Passwords Under Investigation
ESORICS '07 Proceedings of the 12th European symposium on Research In Computer Security
Can "Something You Know" Be Saved?
ISC '08 Proceedings of the 11th international conference on Information Security
Gaining Access with Social Engineering: An Empirical Study of the Threat
Information Systems Security
Reconsidering physical key secrecy: teleduplication via optical decoding
Proceedings of the 15th ACM conference on Computer and communications security
PassShapes: utilizing stroke based authentication to increase password memorability
Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges
The design and implementation of background Pass-Go scheme towards security threats
WSEAS Transactions on Information Science and Applications
On Purely Automated Attacks and Click-Based Graphical Passwords
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
YAGP: Yet Another Graphical Password Strategy
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
SS'08 Proceedings of the 17th conference on Security symposium
On user involvement in production of images used in visual authentication
Journal of Visual Languages and Computing
A comprehensive study of frequency, interference, and training of multiple graphical passwords
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Influencing users towards better passwords: persuasive cued click-points
BCS-HCI '08 Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction - Volume 1
Guidelines for designing graphical authentication mechanism interfaces
International Journal of Information and Computer Security
A distributed firewall and active response architecture providing preemptive protection
Proceedings of the 46th Annual Southeast Regional Conference on XX
Passwords: If We're So Smart, Why Are We Still Using Them?
Financial Cryptography and Data Security
It's No Secret. Measuring the Security and Reliability of Authentication via "Secret" Questions
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Usable authentication and click-based graphical passwords
Towards Usable Solutions to Graphical Password Hotspot Problem
COMPSAC '09 Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 02
Multiple password interference in text passwords and click-based graphical passwords
Proceedings of the 16th ACM conference on Computer and communications security
User interface design affects security: patterns in click-based graphical passwords
International Journal of Information Security
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Multi-touch authentication on tabletops
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Standardizing privacy notices: an online study of the nutrition label approach
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A closer look at recognition-based graphical passwords on mobile devices
Proceedings of the Sixth Symposium on Usable Privacy and Security
Where do security policies come from?
Proceedings of the Sixth Symposium on Usable Privacy and Security
Purely automated attacks on passpoints-style graphical passwords
IEEE Transactions on Information Forensics and Security
Exploring usability effects of increasing security in click-based graphical passwords
Proceedings of the 26th Annual Computer Security Applications Conference
Smudge attacks on smartphone touch screens
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
Exploiting predictability in click-based graphical passwords
Journal of Computer Security
Evaluating the usability and security of a graphical one-time PIN system
BCS '10 Proceedings of the 24th BCS Interaction Specialist Group Conference
How much assurance does a PIN provide?
HIP'05 Proceedings of the Second international conference on Human Interactive Proofs
Graphical passwords based on robust discretization
IEEE Transactions on Information Forensics and Security
Protecting poorly chosen secrets from guessing attacks
IEEE Journal on Selected Areas in Communications
User Study, Analysis, and Usable Security of Passwords Based on Digital Objects
IEEE Transactions on Information Forensics and Security - Part 2
Graphical password authentication using cued click points
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
An efficient user verification system via mouse movements
Proceedings of the 18th ACM conference on Computer and communications security
On designing usable and secure recognition-based graphical authentication mechanisms
Interacting with Computers
Security and privacy considerations in digital death
Proceedings of the 2011 workshop on New security paradigms workshop
Proceedings of the 2011 workshop on New security paradigms workshop
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Increasing the security of gaze-based cued-recall graphical passwords using saliency masks
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do you see your password?: applying recognition to textual passwords
Proceedings of the Eighth Symposium on Usable Privacy and Security
Video-passwords: advertising while authenticating
Proceedings of the 2012 workshop on New security paradigms
PassMap: a map based graphical-password authentication system
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
WYSWYE: shoulder surfing defense for recognition based graphical passwords
Proceedings of the 24th Australian Computer-Human Interaction Conference
Tapas: design, implementation, and usability evaluation of a password manager
Proceedings of the 28th Annual Computer Security Applications Conference
On automated image choice for secure and usable graphical passwords
Proceedings of the 28th Annual Computer Security Applications Conference
A pilot study on the security of pattern screen-lock methods and soft side channel attacks
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
MIBA: multitouch image-based authentication on smartphones
CHI '13 Extended Abstracts on Human Factors in Computing Systems
Age-related performance issues for PIN and face-based authentication systems
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Designing leakage-resilient password entry on touchscreen mobile devices
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Security implications of password discretization for click-based graphical passwords
Proceedings of the 22nd international conference on World Wide Web
Improving user authentication on mobile devices: a touchscreen graphical password
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Exploring the design space of graphical passwords on smartphones
Proceedings of the Ninth Symposium on Usable Privacy and Security
Usability and security evaluation of GeoPass: a geographic location-password scheme
Proceedings of the Ninth Symposium on Usable Privacy and Security
Memory retrieval and graphical passwords
Proceedings of the Ninth Symposium on Usable Privacy and Security
POSTER: Graphical password using object-based image ranking
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
AphasiaWeb: a social network for individuals with aphasia
Proceedings of the 15th International ACM SIGACCESS Conference on Computers and Accessibility
Quantifying the security of graphical passwords: the case of android unlock patterns
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SAuth: protecting user accounts from password database leaks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Revisiting graphical passwords for augmenting, not replacing, text passwords
Proceedings of the 29th Annual Computer Security Applications Conference
On the security of picture gesture authentication
SEC'13 Proceedings of the 22nd USENIX conference on Security
Towards narrative authentication: or, against boring authentication
Proceedings of the 2013 workshop on New security paradigms workshop
Starting around 1999, a great many graphical password schemes have been proposed as alternatives to text-based password authentication. We provide a comprehensive overview of published research in the area, covering both usability and security aspects as well as system evaluation. The article first catalogues existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages. We then review usability requirements for knowledge-based authentication as they apply to graphical passwords, identify security threats that such systems must address and review known attacks, discuss methodological issues related to empirical evaluation, and identify areas for further research and improved methodology.