Title: Multiple password interference in graphical passwords

Authors: Haichang Gao; Licheng Ma; Wei Jia; Fei Ye

Addresses: Software Engineering Institute, Xidian University, Xi'an, Shaanxi 710071, China ' Software Engineering Institute, Xidian University, Xi'an, Shaanxi 710071, China ' Software Engineering Institute, Xidian University, Xi'an, Shaanxi 710071, China ' Software Engineering Institute, Xidian University, Xi'an, Shaanxi 710071, China

Abstract: Considerable studies verified that people are vulnerable to multiple passwords interference in alphanumeric passwords but few studies in graphical passwords. We conducted a study on multiple password interference in graphical passwords and examined the effects on users' behaviour and performance. DAS, PassPoints and PassFaces, three canonical graphical passwords, represent the three main memory categories: recall, cued-recall and recognition. PassPoints were divided into PassPoints-I and PassPoints-II, corresponding to associated and unassociated cued-recall memory respectively. The study results indicate that the multiple password interference exercises strong impacts in PassFaces and is significant in DAS and PassPoints-II only in the long-term memory, while has no impact in PassPoints-I. From psychological analysis, it is clear that recall-based, recognition-based and associated cued-recall-based schemes are all susceptible to multiple password interference to some extent, while unassociated cued-recall based is not subject to memory password interference.

Keywords: multiple password interference; graphical passwords; PassPoints; Draw-A-Secret; DAS; PassFaces; recall; cued-recall; recognition; user behaviour; performance; memory password interference.

DOI: 10.1504/IJICS.2012.051078

International Journal of Information and Computer Security, 2012 Vol.5 No.1, pp.11 - 27

Published online: 30 Aug 2014 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article