On the Usability and Security of Graphical Password Schemes

In recent years, graphical passwords have been proposed as an alternative to traditional alphanumeric passwords, which demonstrate weakness in necessitating exact recall and thereby promoting the selection of insecure passwords. Because there is much evidence to suggest that humans have a greater capacity to recall images as compared to text, graphical passwords hold promise as a form of authentication having increased memorability. At the same time, graphical passwords are more di cult to describe than textual passwords, and can hence o↵er enhanced phishing defenses. Prior studies have revealed certain problems associated with graphical password schemes, such as a bias in user selection of passwords. The goal of my user study is to evaluate memorability and bias in three common graphical password schemes while avoiding some of the pitfalls identified by previous research. My results demonstrate high levels of memorability for all password schemes investigated. A significant bias was observed, which reduced password security by a factor between 4 and 8.