
Against spyware using CAPTCHA in graphical password scheme

By Liming Wang, Xiuling Chang, Zhongjie Ren, Gao Haichang, Xiyang Liu and Uwe Aickelin


Text-based password schemes have inherent security and usability problems, leading to the development of graphical password schemes. However, most of these alternate schemes are vulnerable to spyware attacks. We propose a new scheme, using CAPTCHA (Completely Automated Public Turing tests to tell Computers and Humans Apart), that retains the advantages of graphical password schemes while simultaneously raising the cost to adversaries by orders of magnitude. Furthermore, some primary experiments are conducted, and the results indicate that the usability should be improved in future work.

Publisher: IEEE
Provided by: Nottingham ePrints
