A hybrid recognition and recall based approach in graphical passwords

Abstract

Graphical password authentication was developed based on the premise that humans are better at recognizing visual data than text-based information. Most recognition-based graphical password algorithms (e.g. Passface) possess adequate usability features but are prone to password guessing and shoulder surfing attacks. The recall-based algorithms on the other hand contain fewer number of usability features but provide a set of strong security features for authentication. The proposed algorithm developed in this research integrates the usability attributes of the Passface recognition based and security features of a recognition-based (i.e. WIW (Man et al. 2003)) and Passpoint recall-based algorithms to overcome the drawbacks of existing designs. The security of the proposed algorithm was evaluated by carrying out shoulder-surfing and password guessing attacks. Usability features such as simplicity to learn, memorize and remember the password were evaluated by measuring the number of forgotten, mistyped passwords and login time for each individual user. A questionnaire was also designed and distributed to test subjects to gather feedback on several usability aspects of the proposed algorithm. The results of the security test and survey illustrate that the proposed algorithm has strong security measures against shoulder surfing and password guessing.