PassPoints

Design and longitudinal evaluation of a graphical password system

Susan Wiedenbeck, Jim Waters, Jean Camille Birget, Alex Brodskiy, Nasir Memon

Research output: Contribution to journalArticle

Abstract

Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

Original languageEnglish (US)
Pages (from-to)102-127
Number of pages26
JournalInternational Journal of Human Computer Studies
Volume63
Issue number1-2
DOIs
StatePublished - Jul 2005

Fingerprint

Security of data
Computer Security
Data storage equipment
evaluation
Group

Keywords

  • Alphanumeric password
  • Authentication
  • Graphical password
  • PassPoints
  • Password security
  • Usable security

ASJC Scopus subject areas

  • Artificial Intelligence
  • Human-Computer Interaction
  • Experimental and Cognitive Psychology

Cite this

PassPoints : Design and longitudinal evaluation of a graphical password system. / Wiedenbeck, Susan; Waters, Jim; Birget, Jean Camille; Brodskiy, Alex; Memon, Nasir.

In: International Journal of Human Computer Studies, Vol. 63, No. 1-2, 07.2005, p. 102-127.

Research output: Contribution to journalArticle

Wiedenbeck, Susan ; Waters, Jim ; Birget, Jean Camille ; Brodskiy, Alex ; Memon, Nasir. / PassPoints : Design and longitudinal evaluation of a graphical password system. In: International Journal of Human Computer Studies. 2005 ; Vol. 63, No. 1-2. pp. 102-127.
@article{fe6ef10fd030448b8267c0870e90d38c,
title = "PassPoints: Design and longitudinal evaluation of a graphical password system",
abstract = "Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.",
keywords = "Alphanumeric password, Authentication, Graphical password, PassPoints, Password security, Usable security",
author = "Susan Wiedenbeck and Jim Waters and Birget, {Jean Camille} and Alex Brodskiy and Nasir Memon",
year = "2005",
month = "7",
doi = "10.1016/j.ijhcs.2005.04.010",
language = "English (US)",
volume = "63",
pages = "102--127",
journal = "International Journal of Human Computer Studies",
issn = "1071-5819",
publisher = "Academic Press Inc.",
number = "1-2",

}

TY - JOUR

T1 - PassPoints

T2 - Design and longitudinal evaluation of a graphical password system

AU - Wiedenbeck, Susan

AU - Waters, Jim

AU - Birget, Jean Camille

AU - Brodskiy, Alex

AU - Memon, Nasir

PY - 2005/7

Y1 - 2005/7

N2 - Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

AB - Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

KW - Alphanumeric password

KW - Authentication

KW - Graphical password

KW - PassPoints

KW - Password security

KW - Usable security

UR - http://www.scopus.com/inward/record.url?scp=19944381937&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=19944381937&partnerID=8YFLogxK

U2 - 10.1016/j.ijhcs.2005.04.010

DO - 10.1016/j.ijhcs.2005.04.010

M3 - Article

VL - 63

SP - 102

EP - 127

JO - International Journal of Human Computer Studies

JF - International Journal of Human Computer Studies

SN - 1071-5819

IS - 1-2

ER -