October 25, 2007
Graphical Passwords, or Drawing Secrets

If you're like most people, you have more than one password. In fact, you probably have lots of passwords, and remembering and managing the combinations of letters and numbers is a headache, and not always secure. That is one reason why Jeff Yan, a lecturer at Newcastle University, is working on "graphical passwords," which involve drawing pictures instead of typing in characters.
The technology, referred to as Draw a Secret (DAS), is a graphical password scheme in which users draw their secret as a free-form image on a grid; the drawing is then encoded as an ordered sequence of the grid cells it passes through. The software records the strokes, along with the number of times the pen is lifted.
By superimposing a background image over the blank DAS grid, Yan and Ph.D. student Paul Dunphy have created a system called "Background Draw a Secret" (BDAS), which helps you remember where you began the drawing you are using as a password and also leads to graphical passwords that are less predictable, longer, and more complex. For example, if you choose a flower background and then draw a butterfly onto it as your secret password image, you have to remember where you began on the grid and the order of your pen strokes. A login drawing is accepted when its cell encoding matches the stored one, not when the drawing itself is identical, which allows some margin of error: the image does not have to be re-created exactly, only traced through the same cells in the same order.
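To make the encoding and the matching tolerance concrete, here is an added example (not code from Yan and Dunphy's system) of a minimal DAS encoder and verifier in Python. It assumes a 5x5 grid over a 100x100 canvas, uses an out-of-grid sentinel cell for pen-up events, and stores only a hash of the encoding; all three choices are this example's own conventions.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

Point = Tuple[float, float]
Stroke = List[Point]
Cell = Tuple[int, int]

GRID = 5                      # assumed 5x5 grid
CANVAS = 100.0                # assumed canvas size in drawing units
PEN_UP: Cell = (GRID, GRID)   # sentinel outside the grid marks a pen lift (our convention)


def cell_of(p: Point) -> Cell:
    """Map a canvas coordinate to its (column, row) grid cell; points on the far edge clamp inward."""
    x, y = p
    col = min(int(x * GRID / CANVAS), GRID - 1)
    row = min(int(y * GRID / CANVAS), GRID - 1)
    return (col, row)


def encode(strokes: List[Stroke]) -> List[Cell]:
    """DAS encoding: ordered cells each stroke passes through, with consecutive
    repeats collapsed and a PEN_UP marker after every stroke. Assumes the pen
    samples are dense enough that no cell is skipped between samples."""
    seq: List[Cell] = []
    for stroke in strokes:
        prev: Optional[Cell] = None
        for p in stroke:
            c = cell_of(p)
            if c != prev:          # moving within one cell adds no new symbol
                seq.append(c)
                prev = c
        seq.append(PEN_UP)
    return seq


def digest(seq: List[Cell]) -> str:
    """Store a hash of the encoding, never the raw drawing or the cell list."""
    raw = ";".join(f"{c},{r}" for c, r in seq).encode()
    return hashlib.sha256(raw).hexdigest()


def verify(stored: str, attempt: List[Stroke]) -> bool:
    """Accept iff the attempt's encoding hashes to the stored value (constant-time compare)."""
    return hmac.compare_digest(stored, digest(encode(attempt)))


# Constructed sample drawings (not from the article): one stroke across the top row.
ENROLL = [[(float(x), 10.0) for x in range(10, 95, 5)]]
RETRY_WOBBLY = [[(x + 2.0, 15.0) for x in range(10, 95, 5)]]      # same cells, different pixels
RETRY_LIFTED = [[(float(x), 10.0) for x in range(10, 50, 5)],      # pen lifted mid-way: extra
                [(float(x), 10.0) for x in range(50, 95, 5)]]      # PEN_UP changes the encoding
```

Running `verify(digest(encode(ENROLL)), RETRY_WOBBLY)` returns True while the lifted-pen retry is rejected, which is exactly the "same encoding, not the same drawing" rule described above.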
People who took part in a study that compared DAS and BDAS were asked to repeat what they had initially drawn. One week later, they were asked to re-create the same image and 95 percent of the BDAS users did so within three attempts. Moreover, says Yan, the average recalled BDAS passwords were more complicated than their DAS counterparts by more than 10 bits, which means BDAS passwords improved security by a factor of more than 1024.
-- Jonathan Erickson
jerickson@ddj.com
Posted by Jon Erickson at 09:34 AM