Abstract
We propose and examine the usability and security of Cued Click Points (CCP), a cued-recall graphical password technique. Users click on one point per image for a sequence of images. The next image is based on the previous click-point. We present the results of an initial user study which revealed positive results. Performance was very good in terms of speed, accuracy, and number of errors. Users preferred CCP to PassPoints (Wiedenbeck et al., 2005), saying that selecting and remembering only one point per image was easier, and that seeing each image triggered their memory of where the corresponding point was located. We also suggest that CCP provides greater security than PassPoints because the number of images increases the workload for attackers.
version: June 29, 2007.
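The mechanism summarised in the abstract (one click per image, with the next image chosen from the previous click-point) can be sketched as follows. This is an added example, not code from the paper or its authors. The tolerance grid, image-pool size, HMAC-based image selection, PBKDF2 verifier and all sample values are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Every constant here is an assumption for illustration; the abstract gives none.
POOL_SIZE = 1000   # images the system can draw from
GRID = 19          # side of a tolerance square, in pixels
SALT = b"constructed-salt"


def cell(click):
    """Map a pixel click to its tolerance square so nearby clicks agree."""
    x, y = click
    return x // GRID, y // GRID


def next_image(user_key, image_id, click):
    """Choose the next image from the current image and the clicked square."""
    cx, cy = cell(click)
    msg = f"{image_id}:{cx}:{cy}".encode()
    digest = hmac.new(user_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % POOL_SIZE


def walk(user_key, first_image, clicks):
    """Replay clicks; return the images shown and a verifier for the path."""
    shown, material, image_id = [], [], first_image
    for click in clicks:
        shown.append(image_id)
        cx, cy = cell(click)
        material.append(f"{image_id}:{cx}:{cy}")
        image_id = next_image(user_key, image_id, click)
    secret = "|".join(material).encode()
    verifier = hashlib.pbkdf2_hmac("sha256", secret, SALT, 10_000)
    return shown, verifier


def login(user_key, first_image, clicks, stored):
    """Return the images shown and whether the click path matches."""
    shown, verifier = walk(user_key, first_image, clicks)
    return shown, hmac.compare_digest(verifier, stored)


# Constructed sample: a five-click password and two later login attempts.
KEY, START = b"constructed-per-user-key", 7
ENROLLED = [(100, 100), (200, 50), (30, 300), (250, 250), (400, 120)]
NEAR = [(x + 3, y + 3) for x, y in ENROLLED]     # inside the same squares
WRONG = [ENROLLED[0], (260, 50)] + ENROLLED[2:]  # second click is off
STORED = walk(KEY, START, ENROLLED)[1]
```

Calling `login(KEY, START, NEAR, STORED)` succeeds because each click lands in the enrolled square, while `login(KEY, START, WRONG, STORED)` is rejected and, from the third image on, follows whatever path the off-target click selects.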
References
Birget, J.C., Hong, D., Memon, N.: Graphical Passwords Based on Robust Discretization. IEEE Trans. Info. Forensics and Security 1(3) (September 2006)
Blonder, G.E.: Graphical Passwords. United States Patent 5,559,961 (1996)
Chiasson, S., Biddle, R.R., van Oorschot, P.C.: A Second Look at the Usability of Click-based Graphical Passwords. ACM SOUPS (2007)
Cranor, L.F., Garfinkel, S.: Security and Usability. O’Reilly Media (2005)
Davis, D., Monrose, F., Reiter, M.K.: On User Choice in Graphical Password Schemes. In: 13th USENIX Security Symposium (2004)
Dirik, A.E., Memon, N., Birget, J.C.: Modeling user choice in the PassPoints graphical password scheme. ACM SOUPS (2007)
Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D.: The Design and Analysis of Graphical Passwords. In: 8th USENIX Security Symposium (1999)
Nelson, D.L., Reed, U.S., Walling, J.R.: Picture Superiority Effect. Journal of Experimental Psychology: Human Learning and Memory 3, 485–497 (1977)
Passfaces (last accessed: December 1, 2006), http://www.realuser.com
Peters, M.: Revised Vandenberg & Kuse Mental Rotations Tests: forms MRT-A to MRT-D. Technical Report, Department of Psychology, University of Guelph (1995)
Pinkas, B., Sander, T.: Securing Passwords Against Dictionary Attacks. ACM CCS (2002)
Renaud, K.: Evaluating Authentication Mechanisms. In: [4], ch. 6
Renaud, K., De Angeli, A.: My password is here! An investigation into visio-spatial authentication mechanisms. Interacting with Computers 16, 1017–1041 (2004)
Suo, X., Zhu, Y., Owen, G.S.: Graphical Passwords: A Survey. In: Annual Computer Security Applications Conference (2005)
Tari, F., Ozok, A.A., Holden, S.H.: A Comparison of Perceived and Real Shoulder-surfing Risks between Alphanumeric and Graphical Passwords. ACM SOUPS (2006)
Thorpe, J., van Oorschot, P.C.: Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. In: 16th USENIX Security Symposium (2007)
van Oorschot, P.C., Stubblebine, S.: On Countering Online Dictionary Attacks with Login Histories and Humans-in-the-Loop. ACM Trans. Information and System Security 9(3), 235–258 (2006)
Weinshall, D.: Cognitive Authentication Schemes Safe Against Spyware (Short Paper). In: IEEE Symposium on Security and Privacy (2006)
Wiedenbeck, S., Birget, J.C., Brodskiy, A., Memon, N.: Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice. ACM SOUPS (2005)
Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., Memon, N.: PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63, 102–127 (2005)
Yan, J., Blackwell, A., Anderson, R., Grant, A.: Password Memorability and Security: Empirical Results. IEEE Security & Privacy Magazine 2(5) (2004)
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chiasson, S., van Oorschot, P.C., Biddle, R. (2007). Graphical Password Authentication Using Cued Click Points. In: Biskup, J., López, J. (eds) Computer Security – ESORICS 2007. ESORICS 2007. Lecture Notes in Computer Science, vol 4734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74835-9_24
DOI: https://doi.org/10.1007/978-3-540-74835-9_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74834-2
Online ISBN: 978-3-540-74835-9
eBook Packages: Computer Science (R0)