Abstract. We propose and examine the usability and security of Cued Click Points (CCP), a cued-recall graphical password technique. Users click on one point per image for a sequence of images. The next image is based on the previous click-point. We present the results of an initial user study which revealed positive results. Performance was very good in terms of speed, accuracy, and number of errors. Users preferred CCP to PassPoints (Wiedenbeck et al., 2005), saying that selecting and remembering only one point per image was easier, and that seeing each image triggered their memory of where the corresponding point was located. We also suggest that CCP provides greater security than PassPoints because the number of images increases the workload for attackers.

Graphical password systems have received significant attention as one potential solution to the need for more usable authentication, but nearly all prior work makes the unrealistic assumption of studying a single password. This paper presents the first study of multiple graphical passwords to systematically examine frequency of access to a graphical password, interference resulting from interleaving access to multiple graphical passwords, and patterns of access while training multiple graphical passwords. We find that all of these factors significantly impact the ease of authenticating using multiple facial graphical passwords. For example, participants who accessed four different graphical passwords per week were ten times more likely to completely fail to authenticate than participants who accessed a single password once per week. Our results underscore the need for more realistic evaluations of the use of multiple graphical passwords, have a number of implications for the adoption of graphical password systems, and provide a new basis for comparing proposed graphical password systems. Author Keywords Graphical passwords, usable security, authentication.

Previous efforts involving picture-based passwords have not focused on maintaining a measurably high level of entropy. Since password systems usually allow user selection of passwords, their true entropy remains unknown. A 23-participant study was performed in which picture and character-based passwords of equal strength were randomly assigned. Memorability was tested with up to one week between sessions. The study found that both character and picture passwords of very high entropy were easily forgotten. However, when password inputs were analyzed to determine the source of input errors, serial ordering was found to be the main cause of failure. This supports a hypothesis stating that picture-password systems which do not require ordered input may produce memorable, high-entropy passwords. Input analysis produced another interesting result, that incorrect inputs by users are often duplicated. This reduces the number of distinct guesses users can make when authentication systems lock out users after a number of failed logins. A protocol for ignoring duplicate inputs is presented here. A shoulder-surfing resistant input method was also evaluated, with six out of 15 users performing an insecure behavior.

Starting around 1999, a great many graphical password schemes have been proposed as alternatives to text-based password authentication. We provide a comprehensive overview of published research in the area, covering both usability and security aspects, as well as system evaluation. The paper first catalogues existing approaches, highlighting novel features of selected schemes and identifying key usability or security advantages. We then review usability requirements for knowledge-based authentication as they apply to graphical passwords, identify security threats that such systems must address and review known attacks, discuss methodological issues related to empirical evaluation, and identify areas for further research and improved methodology.

Abstract- We propose an authentication scheme resistant to eavesdropping attacks. Users select an alphanumeric password with a length of 9-15 symbols. They can use this password in the traditional manner from a secure client. The same password can also be used from a non-secure client in a manner highly resistant to eavesdropping attacks. Although more complex than traditional password entry, in our tests 11 out of 13 users had overall success rates of 80 % and above, and 12 of the 13 users had 100% success rates after the initial learning stage. The average authentication time is 1-2 minutes, depending on the password length. Like all similar authentication schemes reported to date, this scheme is too cumbersome for general use, but could be useful for special situations and with motivated users.

Recently a new human authentication scheme called PAS (predicate-based authentication service) was proposed, which does not require the assistance of any supplementary device. The main security claim of PAS is to resist passive adversaries who can observe the whole authentication session between the human user and the remote server. In this paper we give a detailed security analysis of PAS and show that PAS is insecure against both brute force attack and a probabilistic attack. In particular we show that the security of PAS against brute force attack was strongly overestimated. Furthermore, we in-∗ This is the full edition of a paper (with the same title) published in Proc. 25th Annual Computer Security Applications Conference (ACSAC 2009) by the IEEE. This paper is available online at

Passwords play a critical role in online authentication. Unfortunately, passwords suffer from two seemingly intractable problems: password cracking and password theft. In this paper, we propose PasswordAgent, a new password hashing mechanism that utilizes both a salt repository and a browser plug-in to secure web logins with strong passwords. Password hashing is a technique that allows users to remember simple low-entropy passwords and have them hashed to create high-entropy secure passwords. PasswordAgent generates strong passwords by enhancing the hash function with a large random salt. With the support of a salt repository, it gains a much stronger security guarantee than existing mechanisms. PasswordAgent is less vulnerable to offline attacks, and it provides stronger protection against password theft. Moreover, PasswordAgent offers some usability advantages over existing hash-based mechanisms, while maintaining users ’ familiar password entry paradigm. We build a prototype of PasswordAgent and conduct usability experiments. 1

Abstract not found

This paper presents a survey of proof by knowledge authentication techniques (text passwords, visual passwords and graphical passwords). Both new methods are more memorable, as people have to remember images and not characters and graphical passwords are also more secure. A total of 100 users participated in our survey, who after getting informed about the new authentication methods, they answered the questions of our questionnaire. Based on their answers, all participants have many passwords for their everyday needs and they try to select passwords that are not only memorable, but also secure. Unfortunately, they can not deal with proper password selection and they become victims of dictionary attacks. Understanding this situation, participants were very positive in learning more about the new authentication methods. They found both techniques memorable and friendly – visual passwords at most. However, they found graphical passwords a bit more complex and difficult to learn how to use them, something that they can overcome with small practice.

This paper reports two attacks on Undercover, a human authentication scheme against passive observers proposed at CHI 2008. The first attack exploits nonuniform human behavior in responding to authentication challenges and the second one is based on information leaked from authentication challenges or responses visible to the attacker. The second attack can be generalized to break two alternative Undercover designs presented at Pervasive 2009. All the attacks exploit design flaws of the Undercover implementations. Theoretical and experimental analyses show that both attacks can reveal the user’s password with high probability with O(10) observed login sessions. Both attacks were verified by using the login data collected in a user study with 28 participants. We also propose some enhancements to make Undercover secure against the attacks reported in this paper. Our research in breaking and improving Undercover leads to two broader implications. First, it reemphasizes the principle of “devil is in details ” for the design of security-related human-computer interface. Secondly, it reveals a subtle relationship between security and usability: human users may behave in an insecure way to compromise the security of a system. To design a secure human-computer interface, designers should pay special attention to possible negative influence of any detail of the interface including how human users interact with the system.