Abstract

An alternative authentication method to traditional alphanumeric passwords is graphical password authentication, also known as graphical authentication, for which one of the most valuable cued-recall techniques is PassPoints. This technique stands out for its security and usability. However, it can be compromised if the user follows a predefined pattern, such as the DIAG and LINE patterns, when selecting the five points in an image that form the password. Dictionary attacks can be built using these two patterns to compromise graphical passwords. So far, no reports have been found in the state of the art about any test capable of detecting graphical passwords with DIAG or LINE patterns in PassPoints. Studies carried out in other scenarios have shown the effectiveness of the characteristics of Delaunay triangulations in extracting information about the dependence between the points. In this work, graphical passwords formed by five randomly selected points on an image are compared with passwords whose points contain patterns of the DIAG or LINE type. The comparison is based on building for each password its Delaunay triangulation and calculating the mean value of the maximum angles of the triangles obtained; such a mean value is denoted by amadt. It is experimentally shown that in passwords containing DIAG and LINE patterns, the value of amadt is higher than the one obtained in passwords formed by random points. From this result, it is proposed to use this amadt value as a statistic to build a test of means. This result constitutes the work's main contribution: the proposal of a spatial randomness test to detect weak graphical passwords that contain DIAG and LINE type patterns. The importance and novelty of this result become evident when two aspects are taken into account: first, these weak passwords can be exploited by attackers to improve the effectiveness of their attacks; second, there are no prior criteria to detect this type of weak password.
The practical application of said test contributes to increasing PassPoints security without substantially affecting its efficiency.
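
The amadt statistic described in the abstract can be computed directly for a five-point password. The following is an added example, not code from the paper: it uses a brute-force empty-circumcircle Delaunay construction (adequate for five points), and the two sample passwords are constructed, with a near-horizontal row standing in for a LINE-style selection as an assumption, since the pattern is not defined here.

```python
from itertools import combinations
from math import acos, degrees, dist

def circumcircle(a, b, c):
    """Circumcentre and squared radius of triangle abc, or None if collinear."""
    d = 2 * (a[0] * (b[1] - c[1]) + b[0] * (c[1] - a[1]) + c[0] * (a[1] - b[1]))
    if d == 0:
        return None
    sa, sb, sc = (p[0] ** 2 + p[1] ** 2 for p in (a, b, c))
    ux = (sa * (b[1] - c[1]) + sb * (c[1] - a[1]) + sc * (a[1] - b[1])) / d
    uy = (sa * (c[0] - b[0]) + sb * (a[0] - c[0]) + sc * (b[0] - a[0])) / d
    return ux, uy, (a[0] - ux) ** 2 + (a[1] - uy) ** 2

def delaunay_triangles(points):
    """Brute-force Delaunay: keep each triple whose circumcircle is empty.
    Fine for five click-points; assumes no four points are cocircular."""
    triangles = []
    for tri in combinations(points, 3):
        circle = circumcircle(*tri)
        if circle is None:
            continue  # collinear triple, not a triangle
        ux, uy, r2 = circle
        others = [p for p in points if p not in tri]
        if all((p[0] - ux) ** 2 + (p[1] - uy) ** 2 > r2 for p in others):
            triangles.append(tri)
    return triangles

def max_angle(a, b, c):
    """Largest interior angle in degrees (law of cosines, opposite longest side)."""
    x, y, z = sorted((dist(a, b), dist(b, c), dist(c, a)))
    cos_v = (x * x + y * y - z * z) / (2 * x * y)
    return degrees(acos(max(-1.0, min(1.0, cos_v))))

def amadt(points):
    """Mean of the maximum angles over the Delaunay triangles of a password."""
    triangles = delaunay_triangles(points)
    if not triangles:
        raise ValueError("all points collinear: no triangulation exists")
    return sum(max_angle(*t) for t in triangles) / len(triangles)

# Constructed sample passwords on a 1920 x 1080 image (not data from the study).
SPREAD = [(200, 150), (1700, 200), (960, 540), (300, 900), (1600, 950)]
LINE_LIKE = [(200, 540), (600, 548), (1000, 535), (1400, 545), (1800, 538)]

if __name__ == "__main__":
    print(f"spread:    {amadt(SPREAD):.1f} degrees")
    print(f"line-like: {amadt(LINE_LIKE):.1f} degrees")
```

Exactly collinear selections have no triangulation, so `amadt` raises `ValueError` for them; a password checker would treat that case as a pattern hit in its own right.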

Highlights

  • In order to compare the mean of the amadt between passwords that follow a DIAG or LINE pattern and those that do not, three databases were generated by the authors for this study in an image with dimensions of 1920 × 1080:

  • The level α = 0.05 is recommended for general cases since it allows the detection of more than 88% and 91% of passwords with DIAG and LINE patterns, respectively, and only allows one false positive out of every 20 passwords

  • This work proposes a novel test to detect graphic passwords in PassPoints that follow a DIAG or LINE pattern, valid for all sizes of images selected by the user or system with a 16:9 ratio

Summary

Introduction

With the rapid development and widespread use of new technologies, users have more and more information that must be protected, so it becomes necessary to use secure passwords that are easy to remember. Studies [1–4] show that users tend to select phrases that are easy to remember or related to personal information as passwords, and an attacker could compromise them through various types of attacks. It is common to require a certain password length and the use of special characters. Although this tends to increase the security of the password, such measures greatly hinder its memorability. That is why graphical authentication systems emerge as an alternative, supported by the fact that humans remember images or parts of them more easily than text [5]. Graphical passwords are an active field of current research, as evidenced by recent publications within the last two years [2,6–11].
