We have presented graphical password schemes that achieve better security than conventional textual passwords. Our approaches exploit the input capabilities of graphical devices that allow us to decouple the position of inputs from the temporal order in which they occur. We presented arguments for the security of our schemes in which we analyzed the information content of the resulting password spaces. We also presented a novel approach for capturing the "memorability" of graphical passwords by examining the class of DAS passwords generated by short programs in a simple grid-based language, and showed that even this relatively small subset of graphical passwords (for some fixed program complexity) constitutes a much larger password space than the dictionaries of textual passwords to which a high percentage of passwords typically belong.
For future work, we are exploring alternative schemes for modeling the memorability of DAS passwords that we hope will capture their high-level structure more intuitively than our current models. The goal is to capture the concept of organized drawings, in which the view of the whole is more than just the sum of the individual parts that constitute it. For example, one can view a square as an object in itself and not simply as an arrangement of the individual lines from which it is composed. In this way, we can define a set of primitive structures from which all "memorable" drawings can be derived using meta-level compositions of these primitives. We hope to show that even this reduced set of DAS passwords (for some reasonable number of primitives) constitutes a larger space than that of text-based passwords, and as such will be significantly harder to crack in practice.