My password is here! An investigation into visuo-spatial authentication mechanisms

Passwords are the almost universal authentication mechanism, even though they are basically flawed and cause problems for users due to poor memorability. Graphical methods of authentication have recently excited some interest but little is known about their actual efficacy. There are basically two types of graphical authentication mechanisms: recognition-based and location-based—also called visuo-spatial mechanisms. Whereas some kinds of recognition-based graphical authentication mechanisms have been evaluated by various researchers, there is still a need to investigate locationbased graphical authentication mechanisms in a more rigorous fashion to determine whether they could be a viable alternative to traditional passwords for web usage. This paper discusses graphical authentication mechanisms in general and reports on the evaluation of one particular visuo-spatial mechanism, aimed at augmenting the password paradigm by providing a way to record passwords securely. Results and findings are presented, and conclusions drawn, some of which can also be applied to other types of visuo-spatial mechanisms. We also propose a set of metrics which can be used to measure the quality of web authentication mechanisms and apply these to a range of existing authentication mechanisms. q 2004 Published by Elsevier B.V.