PassPoints: Design and longitudinal evaluation of a graphical password system

Susan Wiedenbeck, Jim Waters, Jean Camille Birget, Alex Brodskiy, Nasir Memon

Research output: Contribution to journalArticlepeer-review

Abstract

Computer security depends largely on passwords to authenticate human users. However, users have difficulty remembering passwords over time if they choose a secure password, i.e. a password that is long and random. Therefore, they tend to choose short and insecure passwords. Graphical passwords, which consist of clicking on images rather than typing alphanumeric strings, may help to overcome the problem of creating secure and memorable passwords. In this paper we describe PassPoints, a new and more secure graphical password system. We report an empirical study comparing the use of PassPoints to alphanumeric passwords. Participants created and practiced either an alphanumeric or graphical password. The participants subsequently carried out three longitudinal trials to input their password over the course of 6 weeks. The results show that the graphical password users created a valid password with fewer difficulties than the alphanumeric users. However, the graphical users took longer and made more invalid password inputs than the alphanumeric users while practicing their passwords. In the longitudinal trials the two groups performed similarly on memory of their password, but the graphical group took more time to input a password.

Original languageEnglish (US)
Pages (from-to)102-127
Number of pages26
JournalInternational Journal of Human Computer Studies
Volume63
Issue number1-2
DOIs
StatePublished - Jul 2005

Keywords

  • Alphanumeric password
  • Authentication
  • Graphical password
  • PassPoints
  • Password security
  • Usable security

ASJC Scopus subject areas

  • Software
  • Human Factors and Ergonomics
  • Education
  • Engineering(all)
  • Human-Computer Interaction
  • Hardware and Architecture

Fingerprint Dive into the research topics of 'PassPoints: Design and longitudinal evaluation of a graphical password system'. Together they form a unique fingerprint.

Cite this