Modeling user choice in the PassPoints graphical password scheme

Ahmet Emir Dirik, Nasir Memon, Jean Camille Birget

Research output: Chapter in Book/Report/Conference proceedingConference contribution


We develop a model to identify the most likely regions for users to click in order to create graphical passwords in the PassPoints system. A PassPoints password is a sequence of points, chosen by a user in an image that is displayed on the screen. Our model predicts probabilities of likely click points; this enables us to predict the entropy of a click point in a graphical password for a given image. The model allows us to evaluate automatically whether a given image is well suited for the PassPoints system, and to analyze possible dictionary attacks against the system. We compare the predictions provided by our model to results of experiments involving human users. At this stage, our model and the experiments are small and limited; but they show that user choice can be modeled and that expansions of the model and the experiments are a promising direction of research.

Original languageEnglish (US)
Title of host publicationSOUPS 2007
Subtitle of host publicationProceedings of the Third Symposium On Usable Privacy and Security
Number of pages9
StatePublished - 2007
EventSOUPS 2007: 3rd Symposium On Usable Privacy and Security - Pittsburgh, PA, United States
Duration: Jul 18 2007Jul 20 2007

Publication series

NameACM International Conference Proceeding Series


OtherSOUPS 2007: 3rd Symposium On Usable Privacy and Security
Country/TerritoryUnited States
CityPittsburgh, PA


  • Dic-tionary attack
  • Graphical passwords
  • Password entropy
  • User behavior

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications


Dive into the research topics of 'Modeling user choice in the PassPoints graphical password scheme'. Together they form a unique fingerprint.

Cite this