Carleton University
Technical Report TR-08-14
June 16, 2008

User interface design affects security: Patterns in click-based graphical passwords

Sonia Chiasson, Alain Forget, Robert Biddle, P.C. van Oorschot

Abstract

Design of the user interface influences users and may encourage either secure or insecure behaviour. Using data from four different but closely related click-based graphical password studies, we show that user-selected passwords vary considerably in their predictability. Our analysis looks at click-point patterns within passwords and shows that PassPoints passwords follow distinct patterns. Surprisingly, these patterns occur independently of the background image. Conversely, CCP and PCCP passwords are nearly indistinguishable from those of a random dataset. These results provide insight on modeling effective password spaces and on how user interface characteristics lead to more (or less) secure user behaviour.
