Next: Introduction
On User Choice in Graphical Password Schemes
Darren Davis1
-
Fabian Monrose2
-
Michael K. Reiter3
Abstract:
Graphical password schemes have been proposed as an alternative to
text passwords in applications that support graphics and mouse or
stylus entry. In this paper we detail what is, to our knowledge,
the largest published empirical evaluation of the effects of user
choice on the security of graphical password schemes. We show that
permitting user selection of passwords in two graphical password
schemes, one based directly on an existing commercial product, can
yield passwords with entropy far below the theoretical optimum and,
in some cases, that are highly correlated with the race or gender of
the user. For one scheme, this effect is so dramatic so as to
render the scheme insecure. A conclusion of our work is that
graphical password schemes of the type we study may generally
require a different posture toward password selection than text
passwords, where selection by the user remains the norm today.