Abstract

Graphical password systems have received significant attention as one potential solution to the need for more usable authentication, but graphical passwords are often considered prone to shoulder-surfing attacks. In this paper, to strike a balance between usability and security in authentication, we propose a new graphical password scheme that combines a specific verification grid with a map slipping strategy. In the proposed scheme, a set of fixed grids is pregenerated on a map. During registration, the user is asked not only to select several points in sequence on the map to form a password route, but also to choose one of the pregenerated grids as the specific verification grid for subsequent authentication. The password route and the specific verification grid together form the complete graphical password. During authentication, the user slips the map so that each point on the password route, in sequence, fits inside the specific verification grid, which the user has memorized but which is difficult for attackers to detect. With the specific verification grid and the map slipping strategy, the proposed scheme can effectively defend against shoulder-surfing attacks. Meanwhile, the password points are represented as coordinates on the map, so the proposed scheme has a negligible storage burden. The comparative experiments show that, using the proposed scheme, the success rate of shoulder-surfing defense can be increased by 37% to 56% with different grid sizes and password point numbers, and the usability of passwords can also be improved by 3% to 6%. Therefore, the proposed scheme can achieve good shoulder-surfing defense and reasonable usability simultaneously.
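The verification step described above, modeled as an added Python example (not code from the paper). The square grid layout, the representation of a slip as a map offset, the sample coordinates, and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grid:
    """One pregenerated verification grid, fixed in screen coordinates (assumed square)."""
    x: float
    y: float
    size: float

    def contains(self, sx: float, sy: float) -> bool:
        return self.x <= sx < self.x + self.size and self.y <= sy < self.y + self.size

def make_grids(cols, rows, size, gap):
    """Pregenerate a fixed cols x rows set of grids (layout is an assumption)."""
    return [Grid(c * (size + gap), r * (size + gap), size)
            for r in range(rows) for c in range(cols)]

def verify(route, secret_grid, slips):
    """Check one login attempt.

    route       -- password points as map coordinates, in registration order
    secret_grid -- the grid chosen at registration
    slips       -- map offset (ox, oy) at each confirmation; a map point (mx, my)
                   is drawn on screen at (mx - ox, my - oy)
    """
    if len(slips) != len(route):
        return False
    ok = True
    for (mx, my), (ox, oy) in zip(route, slips):
        # Evaluate every step so the result does not reveal which point failed.
        ok &= secret_grid.contains(mx - ox, my - oy)
    return ok

def slips_for(route, grid):
    """Slips an honest user would produce: each point moved to the grid centre."""
    cx, cy = grid.x + grid.size / 2, grid.y + grid.size / 2
    return [(mx - cx, my - cy) for mx, my in route]

# Constructed sample data: nine grids, a three-point route, the centre grid as secret.
GRIDS = make_grids(cols=3, rows=3, size=40, gap=60)
ROUTE = [(512.0, 300.0), (140.5, 980.0), (873.0, 45.5)]
SECRET = GRIDS[4]

if __name__ == "__main__":
    good = slips_for(ROUTE, SECRET)
    print("correct route and grid:", verify(ROUTE, SECRET, good))
    print("same slips, wrong grid:", verify(ROUTE, GRIDS[0], good))
    print("points out of order:   ", verify(ROUTE, SECRET, good[::-1]))
```

The stored secret here is only the list of map coordinates plus one grid, which matches the abstract's point about storage; how the paper protects that record at rest is not stated and is not modeled.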
