Carleton University
Technical Report TR-10-06
March 3, 2010

Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords

Elizabeth Stobert, Alain Forget, Sonia Chiasson, Paul van Oorschot, Robert Biddle

Abstract

Graphical passwords have been proposed to address known problems with traditional text passwords. For example, memorable user-chosen text passwords are predictable, but random system-assigned passwords are difficult to remember. We explore the usability effects of modifying system parameters to increase the security of a cued-recall, click-based graphical password system. In this system, users create passwords consisting of one click per image on a click-dependent sequence of images. Generally, usability tests for graphical passwords have used configurations resulting in password spaces smaller than that of common text passwords. Our two-part lab study compares the effects of varying the number of click-points and the image size, including when configurations provide comparable password spaces. We use the J-statistic for comparison of relative clustering, which is known to impact security. For equivalent spaces, no usability advantage was evident between more click-points and a larger image. This is contrary to our expectation that larger image size (with fewer click-points) might offer usability advantages over more click-points (with correspondingly smaller images). The results suggest promising opportunities for better matching graphical password system configuration to device constraints or to the capabilities of individual users, without degrading usability. One example is using more click-points on smart-phone displays, where larger image sizes are not possible.

TR-10-06.pdf