Carleton University
Technical Report TR-05-11
December 21, 2005

On the Security of Graphical Password Schemes

P.C. van Oorschot & Julie Thorpe

School of Computer Science, Carleton University, Canada

Abstract

In commonplace textual password schemes, users typically choose passwords that are easy to recall, exhibit patterns, and are thus vulnerable to brute-force dictionary attacks. This leads us to ask what classes of graphical passwords users tend to choose because they are more memorable, with particular focus on the “Draw-A-Secret” (DAS) graphical password scheme of Jermyn et al. (1999). We postulate a set of such classes based on password complexity factors (e.g., reflective symmetry and stroke-count), supported by a collection of cognitive studies on visual recall. We suggest that an attacker would prioritize an attack dictionary for graphical passwords based on these classes. We analyze the size of these classes for DAS (under reasonable parameter choices), showing their combined bit-size ranges from 31 to 41 – a surprisingly tiny proportion of the full password space (58 bits). Our results suggest that DAS (and other graphical password schemes) may well be less secure than previously believed, unless measures such as password rules are employed. For a given security level in DAS, this translates into a requirement for longer passwords with a higher stroke-count than previously believed. Finally, we examine methods to decrease susceptibility to graphical dictionary attacks. Our results have implications beyond DAS, to graphical password schemes in general; they can be directly applied to graphical password guidelines, proactive graphical password checking, and in the design of graphical password user studies.
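The abstract compares the full DAS password space (about 58 bits) with the much smaller classes carved out by complexity factors such as stroke-count. The following script is an added example, not code from the report or its authors, that makes that comparison concrete by counting the space. It assumes parameters the abstract does not state (a 5x5 grid and a maximum total length of 12 cells, the usual DAS defaults) and a counting model taken from the Jermyn et al. argument as I understand it: a stroke is a sequence of cells in which consecutive cells are 4-neighbours (revisits allowed), and a password is a sequence of strokes whose cell counts add up to the total length. The function names and the stroke-count filter are my own. A defender can use the same counting to see how many bits a password rule (for example, a minimum stroke-count) actually buys.

```python
# Added example: count the DAS password space and the sub-space of
# passwords with few strokes. Grid size, maximum length and the stroke
# model are assumptions, not values given on this page.
from functools import lru_cache
from math import log2

GRID = 5        # assumed grid size (5x5 cells)
MAX_LEN = 12    # assumed maximum total password length, in cells


def neighbours(x, y, n=GRID):
    """Cells reachable from (x, y) with one pen movement (4-adjacency)."""
    for dx, dy in ((1, 0), (-1, 0), (0, 1), (0, -1)):
        nx, ny = x + dx, y + dy
        if 0 <= nx < n and 0 <= ny < n:
            yield nx, ny


@lru_cache(maxsize=None)
def walks_ending_at(l, x, y):
    """Number of strokes of exactly l cells that end in cell (x, y)."""
    if l == 1:
        return 1
    return sum(walks_ending_at(l - 1, nx, ny) for nx, ny in neighbours(x, y))


@lru_cache(maxsize=None)
def strokes(l):
    """N(l): number of distinct strokes consisting of exactly l cells."""
    return sum(walks_ending_at(l, x, y)
               for x in range(GRID) for y in range(GRID))


@lru_cache(maxsize=None)
def passwords(L, k=None):
    """Number of passwords of total length exactly L cells.

    With k given, only passwords made of exactly k strokes are counted;
    with k=None the stroke-count is unrestricted.
    """
    if L == 0:
        return 1 if k in (None, 0) else 0
    if k == 0:
        return 0
    rest = None if k is None else k - 1
    return sum(strokes(l) * passwords(L - l, rest) for l in range(1, L + 1))


def space_size(max_len=MAX_LEN, max_strokes=None):
    """Passwords of total length 1..max_len, optionally with at most
    max_strokes strokes (the low-stroke-count class an attacker would
    try first, and a defender would forbid by rule)."""
    if max_strokes is None:
        return sum(passwords(L) for L in range(1, max_len + 1))
    return sum(passwords(L, k)
               for L in range(1, max_len + 1)
               for k in range(1, max_strokes + 1))


def bits(count):
    """Effective entropy of a class, in bits."""
    return log2(count)


if __name__ == "__main__":
    full = space_size()
    print(f"full space: {full} passwords (~{bits(full):.1f} bits)")
    for k in (1, 2, 3):
        sub = space_size(max_strokes=k)
        print(f"at most {k} stroke(s): {sub} passwords (~{bits(sub):.1f} bits)")
```

Running the script prints the full space alongside the classes of passwords with at most one, two or three strokes; the gap between the two bit counts is the margin a graphical dictionary attack exploits, and the margin a minimum stroke-count rule restores.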
