PassPoints: design and longitudinal evaluation of a graphical password system

Authors:
Susan Wiedenbeck;Jim Waters;Jean-Camille Birget;Alex Brodskiy;Nasir Memon
Affiliations:
College of Information Science & Technology, Drexel University, Philadelphia, PA;College of Information Science & Technology, Drexel University, Philadelphia, PA;Department of Computer Science, Rutgers, The State University of New Jersey, Camden, NJ;Department of Computer Science, Polytechnic University, Brooklyn, NY;Department of Computer Science, Polytechnic University, Brooklyn, NY
Venue:
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Year:
2005

Citing 14
Cited 73

Users are not the enemy

Communications of the ACM
Password security: a case history

Communications of the ACM
Interacting with identification technology: can it make us more secure?

CHI '02 Extended Abstracts on Human Factors in Computing Systems
Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security

BT Technology Journal
Hash visualization in user authentication

CHI '00 Extended Abstracts on Human Factors in Computing Systems
Usability and biometric verification at the ATM interface

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
UNIX Password Security - Ten Years Later

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
HCI and security systems

CHI '03 Extended Abstracts on Human Factors in Computing Systems
The domino effect of password reuse

Communications of the ACM - Human-computer etiquette
Passwords you'll never forget, but can't recall

CHI '04 Extended Abstracts on Human Factors in Computing Systems
Déjà Vu: a user study using images for authentication

SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
On user choice in graphical password schemes

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The design and analysis of graphical passwords

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
VIP: a visual approach to user authentication

Proceedings of the Working Conference on Advanced Visual Interfaces

Authentication using graphical passwords: effects of tolerance and image choice

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Design and evaluation of a shoulder-surfing resistant graphical password scheme

Proceedings of the working conference on Advanced visual interfaces
A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Pass-thoughts: authenticating with our minds

NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Looking for trouble: understanding end-user security management

Proceedings of the 2007 symposium on Computer human interaction for the management of information technology
Pictures at the ATM: exploring the usability of multiple graphical passwords

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Improving password security and memorability to protect personal and organizational information

International Journal of Human-Computer Studies
A second look at the usability of click-based graphical passwords

Proceedings of the 3rd symposium on Usable privacy and security
Modeling user choice in the PassPoints graphical password scheme

Proceedings of the 3rd symposium on Usable privacy and security
On predictive models and user-drawn graphical passwords

ACM Transactions on Information and System Security (TISSEC)
Do background images improve "draw a secret" graphical passwords?

Proceedings of the 14th ACM conference on Computer and communications security
Human-seeded attacks and exploiting hot-spots in graphical passwords

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Centered discretization with application to graphical passwords (full paper)

UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Securing passfaces for description

Proceedings of the 4th symposium on Usable privacy and security
Action-based user authentication

International Journal of Electronic Security and Digital Forensics
PassShapes: utilizing stroke based authentication to increase password memorability

Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges
Multi-grid background Pass-Go

WSEAS Transactions on Information Science and Applications
The design and implementation of background Pass-Go scheme towards security threats

WSEAS Transactions on Information Science and Applications
Panic passwords: authenticating under duress

HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
A comprehensive study of frequency, interference, and training of multiple graphical passwords

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Influencing users towards better passwords: persuasive cued click-points

BCS-HCI '08 Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction - Volume 1
Guidelines for designing graphical authentication mechanism interfaces

International Journal of Information and Computer Security
Effects of a Mnemonic Technique on Subsequent Recall of Assigned and Self-generated Passwords

Proceedings of the Symposium on Human Interface 2009 on ConferenceUniversal Access in Human-Computer Interaction. Part I: Held as Part of HCI International 2009
Visual passwords: cure-all or snake-oil?

Communications of the ACM - Finding the Fun in Computer Science Education
Multiple password interference in text passwords and click-based graphical passwords

Proceedings of the 16th ACM conference on Computer and communications security
Graphical passwords: drawing a secret with rotation as a new degree of freedom

AsiaCSN '07 Proceedings of the Fourth IASTED Asian Conference on Communication Systems and Networks
SSSL: shoulder surfing safe login

SoftCOM'09 Proceedings of the 17th international conference on Software, Telecommunications and Computer Networks
Biometric identification via an oculomotor plant mathematical model

Proceedings of the 2010 Symposium on Eye-Tracking Research & Applications
Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Usability and strength in click-based graphical passwords

CHI '10 Extended Abstracts on Human Factors in Computing Systems
Effectiveness of image-based mnemonic techniques for enhancing the memorability and security of user-generated passwords

Computers in Human Behavior
The effect of baroque music on the PassPoints graphical password

Proceedings of the ACM International Conference on Image and Video Retrieval
A closer look at recognition-based graphical passwords on mobile devices

Proceedings of the Sixth Symposium on Usable Privacy and Security
Purely automated attacks on passpoints-style graphical passwords

IEEE Transactions on Information Forensics and Security
A stealth approach to usable security: helping IT security managers to identify workable security solutions

Proceedings of the 2010 workshop on New security paradigms
MARASIM: a novel jigsaw based authentication scheme using tagging

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Exploring implicit memory for painless password recovery

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Using and managing multiple passwords: A week to a view

Interacting with Computers
On designing usable and secure recognition-based graphical authentication mechanisms

Interacting with Computers
A multi-word password proposal (gridWord) and exploring questions about science in security research and usable security evaluation

Proceedings of the 2011 workshop on New security paradigms workshop
Facing the facts about image type in recognition-based graphical passwords

Proceedings of the 27th Annual Computer Security Applications Conference
Shoulder surfing defence for recall-based graphical passwords

Proceedings of the Seventh Symposium on Usable Privacy and Security
Analysis and design of graphical password techniques

ISVC'06 Proceedings of the Second international conference on Advances in Visual Computing - Volume Part II
A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices

Journal of Systems and Software
Can background baroque music help to improve the memorability of graphical passwords?

ICIAR'10 Proceedings of the 7th international conference on Image Analysis and Recognition - Volume Part II
Rational security: Modelling everyday password use

International Journal of Human-Computer Studies
Biometric-rich gestures: a novel approach to authentication on multi-touch devices

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
WebTicket: account management using printable tokens

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Increasing the security of gaze-based cued-recall graphical passwords using saliency masks

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Tag association based graphical password using image feature matching

DASFAA'12 Proceedings of the 17th international conference on Database Systems for Advanced Applications - Volume Part II
Graphical passwords: Learning from the first twelve years

ACM Computing Surveys (CSUR)
Do you see your password?: applying recognition to textual passwords

Proceedings of the Eighth Symposium on Usable Privacy and Security
Exploration and field study of a password manager using icon-based passwords

FC'11 Proceedings of the 2011 international conference on Financial Cryptography and Data Security
Graphical password authentication using cued click points

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Evaluating the effect of user guidelines on creating click-draw based graphical passwords

Proceedings of the 2012 ACM Research in Applied Computation Symposium
NAPTune: fine tuning graphical authentication

Proceedings of the 3rd International Conference on Human Computer Interaction
Video-passwords: advertising while authenticating

Proceedings of the 2012 workshop on New security paradigms
PassMap: a map based graphical-password authentication system

Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
WYSWYE: shoulder surfing defense for recognition based graphical passwords

Proceedings of the 24th Australian Computer-Human Interaction Conference
On automated image choice for secure and usable graphical passwords

Proceedings of the 28th Annual Computer Security Applications Conference
Multiple password interference in graphical passwords

International Journal of Information and Computer Security
Evaluating the effect of tolerance on click-draw based graphical password scheme

ICICS'12 Proceedings of the 14th international conference on Information and Communications Security
Goals and Practices in Maintaining Information Systems Security

International Journal of Information Security and Privacy
Making graphic-based authentication secure against smudge attacks

Proceedings of the 2013 international conference on Intelligent user interfaces
MIBA: multitouch image-based authentication on smartphones

CHI '13 Extended Abstracts on Human Factors in Computing Systems
Age-related performance issues for PIN and face-based authentication systems

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Security implications of password discretization for click-based graphical passwords

Proceedings of the 22nd international conference on World Wide Web
Investigating User Behavior for Authentication Methods: A Comparison between Individuals with Down Syndrome and Neurotypical Users

ACM Transactions on Accessible Computing (TACCESS)
Patterns in the wild: a field study of the usability of pattern and pin-based authentication on mobile devices

Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Usability and security evaluation of GeoPass: a geographic location-password scheme

Proceedings of the Ninth Symposium on Usable Privacy and Security
Memory retrieval and graphical passwords

Proceedings of the Ninth Symposium on Usable Privacy and Security
Quantifying the security of graphical passwords: the case of android unlock patterns

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Towards narrative authentication: or, against boring authentication

Proceedings of the 2013 workshop on New security paradigms workshop

Quantified Score

Hi-index	0.00

Visualization

Abstract

Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.