Douglas Stebila

Usability and security of gaze-based graphical grid passwords

Sample user-generated passwords.

Abstract

We present and analyze several gaze-based graphical password schemes based on recall and cued-recall of grid points; eye-trackers are used to record user's gazes, which can prevent shoulder-surfing and may be suitable for users with disabilities. Our 22-subject study observes that success rate and entry time for the grid-based schemes we consider are comparable to other gaze-based graphical password schemes. We propose the first password security metrics suitable for analysis of graphical grid passwords and provide an in-depth security analysis of user-generated passwords from our study, observing that, on several metrics, user-generated graphical grid passwords are substantially weaker than uniformly random passwords, despite our attempts at designing schemes to improve quality of user-generated passwords.

Keywords: graphical passwords, eye-tracking, usable security

Reference

Majid Arianezhad, Douglas Stebila, Behzad Mozaffari. Usability and security of gaze-based graphical grid passwords. In Andrew A. Adams, editor, Proc. 2nd Workshop on Usable Security (USEC) 2013, LNCS, vol. 7862, pp. 17-33. Springer, April 2013. © IFCA.

Download

Code

• Java code for estimates of probability distributions (ZIP)

Presentations

• 2013-04-01: USEC 2013. (PDF slides)

BibTeX

@inproceedings{USEC:AriSteMoz13,
 	Author = {Majid Arianezhad and Douglas Stebila and Behzad Mozaffari},
 	Booktitle = {Proc. 2013 Workshop on Usable Security (USEC)},
 	Doi = {10.1007/978-3-642-41320-9\_2},
 	Editor = {Andrew A. Adams},
 	Month = {April},
 	Pages = {17--33},
 	Publisher = {Springer},
 	Series = {LNCS},
 	Title = {Usability and security of gaze-based graphical grid passwords},
 	Volume = {7862},
 	Year = {2013}
 }