Enhancing Click-Draw Based Graphical Passwords Using Multi-Touch on Mobile Phones

Part 2: Authentication and AuthorizationInternational audienceGraphical password based authentication systems are now becoming one of the potential alternatives to alleviate current over-reliance on traditional text-based password authentication. With the rapid development of mobile devices (i.e., the increase of computing power), this kind of authentication systems has been implemented on mobile phones to authenticate legitimate users and detect impostors. But in real deployment, we notice that users can utilize more actions like multi-touch on a mobile phone than on a common computer. The action of multi-touch, which refers to the process of touching a touchscreen with multiple fingers at the same time, is a distinguished feature on a touchscreen mobile phone. In this paper, we therefore attempt to explore the effect of multi-touch on creating graphical passwords in the aspect of security and usability. In particular, we conduct a study of using click-draw based graphical passwords in the evaluation, which combines current input types in the area of graphical passwords, and we further develop a multi-touch enabled scheme on mobile phones. Three experiments were conducted with 60 participants and the experimental results indicate that, by integrating the action of multi-touch, graphical passwords can be generally enhanced in the aspect of both security and usability

Security and usability in a hybrid property based graphical authentication system

Alphanumeric text and PINs continue to be the dominant authentication methods in spite of the numerous concerns by security researchers of their inability to properly address usability and security flaws and to effectively combine usability and security. These flaws have, however, contributed to the growing research interest in the development and use of graphical authentication systems as alternatives to text based systems. Graphical passwords or graphical authentication systems are password systems that use images rather than characters or numbersin user authentication. The picture superiority effect, a belief that humans are better able to memorise images than text, has very much influenced the proliferation of and support for graphical authentication systems. In spite of their growing acceptance, however, empirical studies have shown that graphical authentication systems have also inherited some of the flaws of text based passwords. Theseflaws include predictability, vulnerability to observational attacks and the inability of systems to efficiently combine security with usability. Hence there is a continued quest among usable security researchers to find that hypothetical system that has both strong usability and strong security. In this research, a novel concept for hybrid graphical authentication systems is developed. This consists of a class of systems that are called ‘property based authentication systems’ which adopt the use of image properties for user authentication, rather than specific images as used in existing systems. Image properties are specified contents of images which gives the image a set of characteristics. Several implementations of these systems have been developed and evaluated. Significant empirical performance studies have been conducted to evaluate these systems in terms of usability and security. The usability evaluations conducted evaluate thesystems in terms effectiveness, efficiency and user satisfaction, while security evaluations measure their susceptibility to common attacks. The results from these studies suggests that property based systems have better usability and security when compared to commonly known and well researched graphical authentication systems