Research Article
GridMap: Enhanced Security in Cued-Recall Graphical Passwords
@INPROCEEDINGS{10.1007/978-3-319-23829-6_6,
  author={Nicolas Balen and Haining Wang},
  title={GridMap: Enhanced Security in Cued-Recall Graphical Passwords},
  proceedings={International Conference on Security and Privacy in Communication Networks. 10th International ICST Conference, SecureComm 2014, Beijing, China, September 24-26, 2014, Revised Selected Papers, Part I},
  proceedings_a={SECURECOMM},
  year={2015},
  month={11},
  keywords={User authentication Graphical password Grid Map image},
  doi={10.1007/978-3-319-23829-6_6}
}
- Nicolas Balen
- Haining Wang
Year: 2015
SECURECOMM
Springer
DOI: 10.1007/978-3-319-23829-6_6
Abstract
Despite their widespread usage, text-based passwords are vulnerable to password cracking as users tend to choose weak passwords. This is mainly because the more secure a password is, the harder it is for a user to remember it. As a promising alternative, various graphical password systems, which take advantage of the fact that humans are more sensitive to visual information than verbal text, have been proposed over the past decade. However, graphical passwords come with their own vulnerabilities, such as high susceptibility to shoulder surfing and hotspots. In this paper, we develop a new cued-recall graphical password system called GridMap by exploring (1) the use of grids with variable input entered through the keyboard, and (2) the use of geopolitical maps as background images. As a result, GridMap is able to achieve high keyspace and resistance to shoulder surfing attacks. To validate the efficacy of GridMap in practice, we conduct a user study with 50 participants. Our experimental results show that GridMap works well in domains in which a user logs in on a regular basis, and provides a memorability benefit if the chosen map has a personal significance to the user.