Graphical passwords
July 7, 2005 by Andrew
This paper described a graphical password technique where users were asked to click on 5 points in an image in the correct order.
There was some interesting discussion about how secure such a scheme is. I am left wondering if a simple eye-tracking study would reveal the dominant areas of a picture and then make a dictionary-style attack possible. If there are a few hot spots in images that many users pick when selecting their passwords, then how guessable would they be?
Also, what about interference? If you have pictures for more and more systems that you access, do the pick areas start to interfere with each other? Would I start clicking the wrong areas that are similar to the right areas in other picture passwords?
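The hot-spot question can be measured when evaluating a candidate image. The following is an added example, not code from the paper or from this post: it compares the uniform 5-click password space with entropy estimated from observed click points. The image size, the 20-pixel tolerance grid, the treatment of clicks as independent draws, and the sample clicks are all assumptions constructed for illustration.

```python
import math
from collections import Counter

# Assumed parameters (not given in the post): image size in pixels, the
# tolerance grid size, and the 5 ordered clicks the post describes.
WIDTH, HEIGHT, TOL, CLICKS = 450, 330, 20, 5

def cell(x, y, tol=TOL):
    """Map a click to the tolerance-sized grid cell containing it."""
    return (x // tol, y // tol)

def uniform_bits(width=WIDTH, height=HEIGHT, tol=TOL, clicks=CLICKS):
    """Bits in an ordered password if every cell were equally likely."""
    cells = math.ceil(width / tol) * math.ceil(height / tol)
    return clicks * math.log2(cells)

def observed_bits(points, clicks=CLICKS):
    """Return (Shannon, min-entropy) estimates in bits for a full password,
    treating each click as an independent draw from the observed cells."""
    counts = Counter(cell(x, y) for x, y in points)
    total = sum(counts.values())
    probs = [c / total for c in counts.values()]
    shannon = -sum(p * math.log2(p) for p in probs)
    min_entropy = -math.log2(max(probs))
    return clicks * shannon, clicks * min_entropy

def hotspot_coverage(points, top_n):
    """Fraction of all observed clicks that fall in the top_n busiest cells."""
    counts = Counter(cell(x, y) for x, y in points)
    total = sum(counts.values())
    return sum(c for _, c in counts.most_common(top_n)) / total

# Constructed sample: clicks pooled from several enrolment sessions on one
# image. Half of them land in a single cell, i.e. a strong hot spot.
SAMPLE_CLICKS = [
    (100, 100), (105, 110), (119, 101), (110, 119),  # same cell
    (200, 50), (210, 55),                            # second cell
    (300, 300), (20, 200),                           # isolated clicks
]

if __name__ == "__main__":
    shannon, min_entropy = observed_bits(SAMPLE_CLICKS)
    print(f"uniform space : {uniform_bits():.1f} bits")
    print(f"Shannon est.  : {shannon:.2f} bits")
    print(f"min-entropy   : {min_entropy:.2f} bits")
    print(f"top-2 coverage: {hotspot_coverage(SAMPLE_CLICKS, 2):.0%}")
```

A large gap between the uniform figure and the min-entropy estimate is the signal that an image concentrates user choices and should be rejected or replaced.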
July 7th, 2005 at 08:03
I was thinking about similar questions during the talk. If I understand the work correctly, we can’t be sure whether the higher success rates for certain pictures indicate that the pictures actually provided stronger security or merely that they reduced the variability of selected passwords.
Here’s a link to the paper.
Thanks for posting, by the way! I hope more people will join in as well.