PassPoints

Design and longitudinal evaluation of a graphical password system

Susan Wiedenbeck, Jim Waters, Jean Camille Birget, Alex Brodskiy, Nasir Memon

    Research output: Contribution to journalArticle

    Abstract

    Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

    Original languageEnglish (US)
    Pages (from-to)102-127
    Number of pages26
    JournalInternational Journal of Human Computer Studies
    Volume63
    Issue number1-2
    DOIs
    StatePublished - Jul 2005

    Fingerprint

    Security of data
    Computer Security
    Data storage equipment
    evaluation
    Group

    Keywords

    • Alphanumeric password
    • Authentication
    • Graphical password
    • PassPoints
    • Password security
    • Usable security

    ASJC Scopus subject areas

    • Artificial Intelligence
    • Human-Computer Interaction
    • Experimental and Cognitive Psychology

    Cite this

    PassPoints : Design and longitudinal evaluation of a graphical password system. / Wiedenbeck, Susan; Waters, Jim; Birget, Jean Camille; Brodskiy, Alex; Memon, Nasir.

    In: International Journal of Human Computer Studies, Vol. 63, No. 1-2, 07.2005, p. 102-127.

    Research output: Contribution to journalArticle

    Wiedenbeck, Susan ; Waters, Jim ; Birget, Jean Camille ; Brodskiy, Alex ; Memon, Nasir. / PassPoints : Design and longitudinal evaluation of a graphical password system. In: International Journal of Human Computer Studies. 2005 ; Vol. 63, No. 1-2. pp. 102-127.
    @article{fe6ef10fd030448b8267c0870e90d38c,
    title = "PassPoints: Design and longitudinal evaluation of a graphical password system",
    abstract = "Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.",
    keywords = "Alphanumeric password, Authentication, Graphical password, PassPoints, Password security, Usable security",
    author = "Susan Wiedenbeck and Jim Waters and Birget, {Jean Camille} and Alex Brodskiy and Nasir Memon",
    year = "2005",
    month = "7",
    doi = "10.1016/j.ijhcs.2005.04.010",
    language = "English (US)",
    volume = "63",
    pages = "102--127",
    journal = "International Journal of Human Computer Studies",
    issn = "1071-5819",
    publisher = "Academic Press Inc.",
    number = "1-2",

    }

    TY - JOUR

    T1 - PassPoints

    T2 - Design and longitudinal evaluation of a graphical password system

    AU - Wiedenbeck, Susan

    AU - Waters, Jim

    AU - Birget, Jean Camille

    AU - Brodskiy, Alex

    AU - Memon, Nasir

    PY - 2005/7

    Y1 - 2005/7

    N2 - Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

    AB - Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

    KW - Alphanumeric password

    KW - Authentication

    KW - Graphical password

    KW - PassPoints

    KW - Password security

    KW - Usable security

    UR - http://www.scopus.com/inward/record.url?scp=19944381937&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=19944381937&partnerID=8YFLogxK

    U2 - 10.1016/j.ijhcs.2005.04.010

    DO - 10.1016/j.ijhcs.2005.04.010

    M3 - Article

    VL - 63

    SP - 102

    EP - 127

    JO - International Journal of Human Computer Studies

    JF - International Journal of Human Computer Studies

    SN - 1071-5819

    IS - 1-2

    ER -