A Methodology for Evaluating the Strength of Cued-recall Graphical Passwords
Alshehri, Mohammad N.
With the revolution in computers, and in smartphones in particular, people use them to handle sensitive information: making online payments, banking online, managing medical records, and communicating with others via messages, emails, and social media. Consequently, computers and smartphones have become a storehouse of private information that must be protected from falling into the hands of unauthorized people. Verifying the identity of a computer’s users before granting them access is one option for protection. Textual passwords and PINs are commonly used for authentication on standalone PCs and smartphones. Users create problems, however, such as choosing easy-to-guess passwords and reusing them for several accounts in order to ease the load on their memory. A cued-recall graphical password is appealing as an alternative to a traditional textual password or PIN because of its potential usability, security, and memorability. A cued-recall graphical password uses a guiding image to create the actions that make up the password. Since users tend to create predictable passwords, the content of the guiding image may influence the user’s choice of areas and password patterns when creating a new password. This influence may lead to easy-to-guess graphical passwords, which can happen due to a lack of knowledge about the strength of the created password. This dissertation presents a methodology for evaluating the strength of cued-recall graphical passwords in terms of guessability. The methodology considers two elements in the measurement: the image used as the guiding image for a graphical password, and the password pattern that represents the actions used to compose the password. The output metrics are the basis of a strength meter that gives users visual and textual feedback about the strength of the graphical passwords they create. This feedback can be used to encourage users to create strong graphical passwords.