Humans are not good at remembering alpha-numeric passwords, if the passwords are complicated enough to be secure. Graphical passwords seem easier to remember and to use. Here, an image is displayed and the user chooses a few places in the image. To log in, the user has to click close to these places again. Older systems use preprocessed images with predefined click regions, among which a user has to choose. The investigators designed systems that allow users to choose any points as click points, and that allow users to import their own images. The investigators invented a ``robust discretization'' of images; this enables users to produce exactly the same discrete password even though they cannot click on exactly the same pixels at each login. Passwords are vulnerable to ``shoulder surfing'', which consists of a user being observed, or filmed, during login. The investigators designed password systems that are immune to shoulder surfing.

One of the objectives of this proposal is a human factors study, concerning learnability, memorability, speed, security (unsafe practices), and user satisfaction of graphical password systems. A second objective is to design new graphical password systems, based on curves, movement, and three-dimensional scenes, as well as to design ``bundles'' of passwords that a user can use on different accounts, and that are easy to remember (and distinguish) as a group. New robust discretization algorithms and probabilistic analyses of the security of graphical password systems will be developed.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
0310159
Program Officer
Karl Levitt
Project Start
Project End
Budget Start
2003-08-15
Budget End
2005-07-31
Support Year
Fiscal Year
2003
Total Cost
$73,398
Indirect Cost
Name
Polytechnic University of New York
Department
Type
DUNS #
City
Brooklyn
State
NY
Country
United States
Zip Code
11201