Chapter Nine. Graphical Passwords

Fabian Monrose and Michael K. Reiter

A graphical password is a secret that a human user inputs to a computer with the aid of the computer’s graphical input (e.g., mouse, stylus, or touch screen) and output devices. In this chapter, we review the arguments supporting graphical passwords as being potentially superior to text passwords, present several graphical password designs, and discuss some analyses of graphical password memorability and security.

Introduction

The ubiquity of graphical user interfaces and of input devices such as the mouse, stylus, and touch screen, which permit input other than typing, has enabled the emergence of graphical passwords. Graphical passwords are particularly useful for systems that do not have keyboards. In addition, they offer the possibility of addressing known weaknesses in text passwords. History has shown that the distribution of text passwords chosen by human users has entropy far lower than possible,[1], [2], [3], [4] and this has remained a significant weakness of user authentication for over 30 years. Given that pictures are generally more easily remembered than words,[5], [6] it is conceivable that humans would select and remember graphical passwords that are stronger than the text passwords they typically select.

The goal of this chapter is to review some proposed graphical password schemes and the analyses that have been performed to evaluate their security and/or usability. Where appropriate, we ...
