Abstract
Draw a secret (DAS) is a representative graphical password scheme. Rigorous theoretical analysis suggests that DAS supports an overall password space larger than that of the ubiquitous textual password scheme. However, recent research suggests that DAS users tend to choose weak passwords, and their choices would render this theoretically sound scheme less secure in real life. In this paper we investigate the novel idea of introducing background images to the DAS scheme, where users were initially supposed to draw passwords on a blank canvas overlaid with a grid. Encouraging results from our two user studies have shown that people aided with background images tended to set significantly more complicated passwords than their counterparts using the original scheme. The background images also reduced other predictable characteristics in DAS passwords such as symmetry and centering within the drawing grid, further improving the strength of the passwords. We estimate that the average strength of successfully recalled passwords in the enhanced scheme was increased over those created using the original scheme by more than 10 bits. Moreover, a positive effect was observed with respect to the memorability of the more complex passwords encouraged by the background images.
Original language | English |
---|---|
Title of host publication | CCS'07 - Proceedings of the 14th ACM Conference on Computer and Communications Security |
Place of Publication | New York |
Pages | 36-47 |
Number of pages | 12 |
DOIs | |
Publication status | Published - 28 Oct 2007 |
Event | 14th ACM Conference on Computer and Communications Security, CCS'07 - Alexandria, VA, United States Duration: 29 Oct 2007 → 2 Nov 2007 |
Conference
Conference | 14th ACM Conference on Computer and Communications Security, CCS'07 |
---|---|
Country/Territory | United States |
City | Alexandria, VA |
Period | 29/10/07 → 2/11/07 |
Keywords
- authentication
- draw a secret
- graphical passwords
- usable security