Exploring Effect of Location Number on Map-Based Graphical Password Authentication

  • Conference paper
Information Security and Privacy (ACISP 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10343)

Abstract

Graphical passwords (GPs), which authenticate users by means of images, are considered one potential alternative that can overcome the issues of traditional textual passwords. Based on the idea of utilizing an extremely large image, map-based GPs such as PassMap and GeoPass have been developed, in which users select their secrets (geographical points) on a world map. In particular, PassMap allows users to select two locations on a map, while GeoPass reduces the number of locations to only one. At first glance, selecting one location is more vulnerable to attacks, while increasing the number of locations may add a burden on users. No research in the literature has explored this issue. Motivated by this, our purpose in this work is to explore the effect of location number (the number of geographical points) and to compare the two schemes, PassMap and GeoPass, in terms of users’ performance and feedback. We develop a generic and open platform for realizing map-based schemes and conduct a user study with 60 participants. The study reveals that selecting two locations would not degrade the scheme performance. Our effort aims to complement existing research studies in this area.

W. Meng was previously known as Yuxin Meng.

Notes

  1. https://www.berkeleychurchill.com/software/android-pwgen/pwgen.php

Acknowledgments

We would like to thank all participants for their hard work and cooperation in the user study, and thank all anonymous reviewers for their helpful comments in improving the paper. Part of this work was supported by the National Natural Science Foundation of China (Grant No. 61602396).

Author information

Corresponding author

Correspondence to Weizhi Meng.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Meng, W., Lee, W.H., Au, M.H., Liu, Z. (2017). Exploring Effect of Location Number on Map-Based Graphical Password Authentication. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science, vol 10343. Springer, Cham. https://doi.org/10.1007/978-3-319-59870-3_17

  • DOI: https://doi.org/10.1007/978-3-319-59870-3_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-59869-7

  • Online ISBN: 978-3-319-59870-3

  • eBook Packages: Computer Science, Computer Science (R0)
