Graphical Authentication Schemes: Balancing Amount of Image Distortion

Abstract

Graphical authentication schemes offer a more memorable alternative to conventional passwords. One common criticism of graphical passcodes is the risk for observability by unauthorized onlookers. This type of threat is referred to as an Over-the-Shoulder Attack (OSA). A strategy to prevent casual OSAs is to distort the images, making them difficult for onlookers to recognize. Critically, the distortion should not harm legitimate users’ ability to recognize their passcode images. If designers select the incorrect amount of distortion, the passcode images could become vulnerable to attackers or images could become unrecognizable by users rendering the system useless for authentication. We suggest graphical authentication designers can distort images at brushstroke size 10 for a 112 × 90-pixel image to maintain user recognition and decrease casual OSAs. Also, we present mathematical equations to explicitly communicate the image distortion process to facilitate implementation of this OSA resistant approach.