Graphical Password: Usable Graphical Password Prototype

• Author: Ali Mohamed Eljetlawi; Norafida Bt.Ithnin
• Position: Faculty of Computer Science and Information Systems, Centre for Advanced Software Engineering (CASE); Faculty of Computer Science and Information Systems, Universiti Teknologi Malaysia
• Pages: 298-309

Faculty of Computer Science and Information Systems, Centre for Advanced Software Engineering (CASE), Universiti Teknologi Malaysia, City Campus, Jalan Semarak, 54100 Kuala Lumpur, Malaysia.

Faculty of Computer Science and Information Systems, Universiti Teknologi Malaysia, 81300 Skudai, Johor. Email: jetlawei@yahoo.com1, afida@utm.my

Page 298

1. 0 Introduction

The password is a very common and widely authentication method still used up to now but because of the huge advance in the uses of computer in many applications as data transfer, sharing data, login to emails or internet, some drawbacks of normal password appear like stolen the password, forgetting the password, week password, etc so a big necessity to have a strong authentication way is needed to secure all our applications as possible, so researches come out with advanced password called graphical password techniques where they tried to improve the password techniques and avoid the weakness of normal password. Alphanumeric passwords were first introduced in the late 1960s ( Sobrado and Birget, 2002), today, many networks, computer systems and Internet-based environments used this technique to authenticate their users. The vulnerabilities of this technique have been well known generally. Dictionary attack is the commonly method used by hackers to break or crack the alphanumeric password, such attack is very efficient mechanism because its only need a little time to discover the users passwords. Another major drawback of this method is the difficulty of remembering the passwords. As studied by Gilhooly (2005), the good and hard to guess or break passwords basically difficult to memorize. Recent studies from Dhamija et al (2000) showed that humans are only capable to memorize a limited number of passwords, because of this syndrome, they often to write down, share and use the same passwords for different current account. Graphical password techniques have been proposed as an alternative to conventional based techniques. It has been designed to overcome the known weakness of conventional password. It also designed to make the passwords more memorable, easier for people to use and therefore more secure. Based on the two assumptions; first, humans can remember pictures better than alphanumeric characters and second, a picture worth a thousand passwords; some psychological studies and company software seem to agree with these assumptions ( Shepard, 1967; Real User Corporation, 2007). As known generally, the main drawbacks for the current graphical password schemes are the shoulder-surfing problem and usability problem. Even though graphical passwords are difficult to guess and break, if someone direct observe during the password enter sessions, he/she probably figure out the password by guessing it randomly. Nevertheless, the issue of how to design the authentication systems which have both the security and usability elements is yet another example of what making the challenge of Human Computer Interaction (HCI) and security communities. ( Shepard, 1967). Even though the main argument for graphical passwords is that humans are better at memorizing graphical passwords than conventional passwords, the existing user studies are very limited and there is not yet convincing the fact to support this argument. We have found that the existing recognition base graphical passwords schemes does not have attractive usability features for the users which mean that the usability features needed to be studied more and develop more Page 299 usable systems for the Graphical Password. A collection of usability features will be implemented in the new graphical password prototype to be more usable for the users where this usability set includes the easy of use, memorize, creation, learning and satisfaction. Finally we propose a new graphical password scheme known as Jetlfida graphical password scheme.

2. 0 Summary of the Existing Recognition Base Graphical Password Techniques

2. 1 Recognition Base (Multiple-image schemes)

In recognition based techniques, users are given a set of pictures and they pick and memorize some of them. During authentication, the users need to recognize and identify the pictures they have picked earlier.

PassfacesTM, a commercial product by Passfaces Corporation, requires a user to select previously seen human face pictures as a password ( Passfaces, 2007), as shown in Figure 3.1 problem with PassfacesTM is that some faces displayed might not be welcomed by certain users. In other words, if a user has to look at some faces he/she does not like or even dislike, the login process will become unpleasant. Another drawback of PassfacesTM is that it cannot be used by people who are face-blind (a disease which affects a person's ability to tell faces apart).

Figure 3.1 PassfacesTM [Passfaces 2006]

(Figure in Pdf File)

Brostoff, S. and Sasse (2000) conducted a user study (34 subjects involved) on this scheme and their result suggests that PassfacesTM is easier to remember than textual passwords. Davis, D., Monrose, F., and Reiter, M. K. (2004) suggested a similar scheme, the story scheme, in which a user's password is a sequence of k images selected by the user to make a story, as shown in Figure 3.2. Page 300

Figure 3.2 Story scheme [Davis et al...