Revisiting graphical passwords for augmenting, not replacing, text passwords

Authors:
Murat Akpulat;Kemal Bicakci;Ugur Cil
Affiliations:
Gumushane University, Gumushane, Turkey;TOBB University of Economics and Technology, Ankara, Turkey;TOBB University of Economics and Technology, Ankara, Turkey
Venue:
Proceedings of the 29th Annual Computer Security Applications Conference
Year:
2013

Citing 13
Cited 0

Déjà Vu: a user study using images for authentication

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
The design and analysis of graphical passwords

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Towards Usable Solutions to Graphical Password Hotspot Problem

COMPSAC '09 Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 02
A hybrid graphical password based system

ICA3PP'11 Proceedings of the 11th international conference on Algorithms and architectures for parallel processing - Volume Part II
PhorceField: a phish-proof password ceremony

Proceedings of the 27th Annual Computer Security Applications Conference
Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism

IEEE Transactions on Dependable and Secure Computing
Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Graphical passwords: Learning from the first twelve years

ACM Computing Surveys (CSUR)
Exploration and field study of a password manager using icon-based passwords

FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
A Research Agenda Acknowledging the Persistence of Passwords

IEEE Security and Privacy
Statistical metrics for individual password strength

SP'12 Proceedings of the 20th international conference on Security Protocols

Quantified Score

Hi-index	0.00

Visualization

Abstract

Users generally choose weak passwords which can be easily guessed. On the other hand, adoption of alternatives to text passwords has been slow due to cost and usability factors. We acknowledge that incumbent passwords remain difficult to beat and introduce in this study Type&Click (T&C), a hybrid scheme supporting text passwords with the graphical passwords. In T&C, users first type a text as usual and then make a single click on an image to complete the password entry. While largely preserving the login experience with the text passwords, the new scheme utilizes accumulated scientific knowledge in graphical password research (implicit feedback, persuasion during password creation, leveraging cued recall memory). The results of our user study suggest that T&C is promising for augmenting text passwords for improved security without degrading usability.