ORIGINAL RESEARCH ARTICLE: Usability Study on Textual and Graphical Passwords

Aderonke B. Sakpere, Toluwase B. Ologundudu

Abstract

Passwords, in particular textual passwords, are among the most common methods used for authentication. However, maintaining multiple textual passwords across various websites or information systems can be an overwhelming task, especially when it comes to memorability. An alternative is graphical passwords, as pictures could be easier to recollect. Pictures, on the other hand, could be memory intensive. As a result, this research explores the use of graphical and textual passwords by integrating the strong points of both password schemes, thereby providing a stronger authentication platform that may be difficult for attackers to break. A background image was adopted in the implementation of the graphical scheme for memorability and security purposes. A usability experiment was carried out with users from diverse backgrounds. The users were given the developed system, which integrates the two password applications, to use. A questionnaire was then administered to enable them to share their user experience. Results from the evaluation of the system showed a high level of acceptance of the graphical password scheme among participants, even though it was a relatively new concept to them. In particular, 82% of the users preferred graphical passwords as the more secure scheme, against the other 18% who preferred the use of a textual password. The textual password length and combination were simplified by avoiding excessive length, since the graphical password augmented the textual one in terms of security. Overall, 77% of the participants were able to successfully carry out each task highlighted in the questionnaire.

Keywords

Password Schemes, Textual Password, Graphical Password, Usable Security, Authentication

