Effective Graphical Password Mechanism Using Two-Dimensional Shapes

Authors

  • Khalid Mansour
  • Bilal Eid Fayyadh
  • Yaser Al-Lahham
  • Hayel Khafajeh

DOI:

https://doi.org/10.47839/ijc.24.1.3884

Keywords:

Graphical passwords, Hardening Passwords, 2D shapes, Authentication systems

Abstract

Authentication systems are paramount to individuals and institutions. Several methods are proposed and used to grant access for legitimate users to systems. The most common way of authenticating users is textual passwords. However, textual passwords can be forgotten—especially if they are used infrequently—or easily guessed, as many users tend to choose simple passwords that are easy to remember. Furthermore, even though other authentication mechanisms can be used such as biometric passwords, these methods may require extra equipment and requirements. Graphical authentication methods were proposed because humans can remember pictures and shapes more than written text. This paper presents an empirical analysis of a password creation mechanism based on selecting several intersected 2D shapes. This mechanism of password creation enhances remembering passwords and protecting them from being attacked since it automatically transforms these shapes into long textual passwords. The experimental results show that users experience little difficulty in remembering the 2D passwords. On average, users require about two attempts or less to remember their passwords under all experimental results.

References

S. Agrawal, A. Z. Ansari, and M. S. Umar, “Multimedia graphical grid-based text password authentication: For advanced users,” Proceedings of the 2016 Thirteenth International Conference on Wireless and Optical Communications Networks (WOCN), 2016, pp. 1–5. https://doi.org/10.1109/WOCN.2016.7759884.

G. W. Bin, S. Safdar, R. Akbar, and S. Subramanian, “Graphical authentication based on anti- shoulder surfing mechanism,” Proceedings of the 2nd ACM International Conference on Future Works and Distributed Systems, ICFNDS’18, New York, NY, USA, 2018, Article no. 20, pp. 1-6. https://doi.org/10.1145/3231053.3231073.

N. Carter, C. Li, Q. Li, J. A. Stevens, E. Novak, Z. Qin, and J. Yu, “Graphical passwords for older computer users,” Proceedings of the Fifth ACM/IEEE Workshop on Hot Topics in Web Systems and Technologies, HotWeb’17, 2017, pp. 7:1–7:7. https://doi.org/10.1145/3132465.3132472.

B. E. Fayyadh, K. Mansour, and K. W. Mahmoud, “A new password authentication mechanism using 2d shapes,” Proceedings of the 2018 8th International Conference on Computer Science and Information Technology (CSIT), 2018, pp. 113–118. https://doi.org/10.1109/CSIT.2018.8486188.

Z.M. Saadi, A.T. Sadiq, O.Z. Akif, A.K. Farhan, “A survey: Security vulnerabilities and protective strategies for graphical passwords,” Electronics, vol. 13, issue 15, 3042, 2024. https://doi.org/10.3390/electronics13153042.

K. Juneja. An xml transformed method to improve the effectiveness of graphical password authentication. Journal of King Saud University – Computer and Information Sciences, vol. 32, issue 1, pp. 11–23, 2020. https://doi.org/10.1016/j.jksuci.2017.07.002.

S. Kumar, R. Ramya, R. Rashika, and R. Renu, “A survey on graphical authentication system resisting shoulder surfing attack,” In: Chiplunkar, N.N., Fukao, T. (eds) Advances in Artificial Intelligence and Data Engineering. AIDE 2019. Advances in Intelligent Systems and Computing, vol 1133, pp 761–770, 2020. Springer, Singapore. https://doi.org/10.1007/978-981-15-3514-7_57.

Gowtham M., M. K. Banga, and M. Patil, “Secured authentication systems for the Internet of things,” EAI Endorsed Transactions on Smart Cities, vol. 4, issue 11, 4, 2020.

I. Mackie and M. Yildirim, “A novel hybrid password authentication scheme based on text and image,” In: Kerschbaum, F., Paraboschi, S. (eds) Data and Applications Security and Privacy XXXII. DBSec 2018. Lecture Notes in Computer Science, vol 10980. Springer, Cham. https://doi.org/10.1007/978-3-319-95729-6_12.

C. McGoogan, “The world’s most common passwords revealed: Are you using them?” The Telegraph, Jan 2017, [Online]. Available at: https://www.telegraph.co.uk/technology/2017/01/16/worlds-common-passwords-revealed-using/.

W. Meng, L. Zhu, W. Li, J. Han, and Y. Li, “Enhancing the security of fintech applications with map-based graphical password authentication,” Future Generation Computer Systems, vol. 101, pp. 1018-1027, 2019. https://doi.org/10.1016/j.future.2019.07.038.

U. Singh, S. Chouhan, and S. Jain, “Images as graphical password: verification and analysis using non-regular low-density parity check coding,” International Journal of Information Technology, 2020. https://doi.org/10.1007/s41870-020-00477-x.

A. Delorme, M. Poncet, M. Fabre-Thorpe, “Briefly flashed scenes can be stored in long-term memory,” Frontiers in Neuroscience, vol. 12, article 688, 2018. https://doi.org/10.3389/fnins.2018.00688.

M. Xue, C. He, J. Wang, and W. Liu, “Lopa: A linear offset based poisoning attack method against adaptive fingerprint authentication system,” Computers and Security, vol. 99, 102046, 2020. https://doi.org/10.1016/j.cose.2020.102046.

G.-C. Yang, “Development status and prospects of graphical password authentication system in Korea,” KSII Transactions on Internet and Information Systems, vol. 10, issue 11, 2019.

X. Yu, Z. Wang, Y. Li, L. Li, W. T. Zhu, and L. Song, “Evopass: Evolvable graphical password against shoulder-surfing attacks,” Computers and Security, vol. 70, pp. 179–198, 2017. https://doi.org/10.1016/j.cose.2017.05.006.

Y. Al-Slais and W. El-Medany, “User-centric adaptive password policies to combat password fatigue,” International Arab Journal of Information Technology, vol. 19, no. 1, pp. 55-62, 2022, https://doi.org/10.34028/iajit/19/1/7.

K. Mansour and K. Mahmoud, “A new approach for textual password hardening using keystroke latency times,” The International Arab Journal of Information Technology, vol. 18, no. 3, pp. 336-346, 2021, https://doi.org/10.34028/iajit/18/3/10.

A. Jha, et al., “Graphical password authentication system for web and mobile applications in JavaScript,” Cybersecurity Issues, Challenges, and Solutions in the Business World, edited by Suhasini Verma, et al., IGI Global, 2023, pp. 160-185. https://doi.org/10.4018/978-1-6684-5827-3.ch011.

K. H. A. Al-Shqeerat, “An enhanced graphical authentication scheme using multiple-image steganography,” Computer Systems Science & Engineering (CSSE), vol. 44, no. 3, pp. 2095-2107, 2023. https://doi.org/10.32604/csse.2023.028975.

P. Andriotis, M. Kirby, & A. Takasu, “Bu-Dash: a universal and dynamic graphical password scheme (extended version),” Int. J. Inf. Secur., vol. 22, pp. 381–401, 2023. https://doi.org/10.1007/s10207-022-00642-2.

A.F. Rasheed, M. Zarkoosh, & F.R. Elia, “Enhancing graphical password authentication system with deep learning-based Arabic digit recognition,” Int. J. Inf. Tecnol., vol. 16, pp. 1419–1427, 2024. https://doi.org/10.1007/s41870-023-01561-8.

G. E. Raptis, C. Katsini, A. Jian-Lan Cen, N. A. Gamagedara Arachchilage, and L. E. Nacke, “Better, funner, stronger: A gameful approach to nudge people into making less predictable graphical password choices,” In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (CHI'21), 2021, Article 112, pp. 1–17. https://doi.org/10.1145/3411764.3445658.

K. M. Quadry, A. Govardhan, M. Misbahuddin, “Design, analysis, and implementation of a two-factor authentication scheme using graphical password,” International Journal of Computer Network and Information Security, vol. 14, issue 3, pp.39-51, 2021. https://doi.org/10.5815/ijcnis.2021.03.04.

N. Patil, G. Bhutkar, P. Patil, P. Pishte, A. Popalghat, “Graphical-based password authentication,” In: Fong, S., Dey, N., Joshi, A. (eds) ICT Analysis and Applications. ICT4SD 2023. Lecture Notes in Networks and Systems, vol. 782, 2023. Springer, Singapore. https://doi.org/10.1007/978-981-99-6568-7_38.

H. Bostan, A. Bostan, “Shoulder surfing resistant graphical password schema: Randomized Pass Points (RPP),” Multimed Tools Appl, vol. 82, pp. 43517–43541, 2023. https://doi.org/10.1007/s11042-023-15227-x.

T. Kawamura, T. Ebihara, N. Wakatsuki and K. Zempo, "EYEDi: graphical authentication scheme of estimating your encodable distorted images to prevent screenshot attacks,” IEEE Access, vol. 10, pp. 2256-2268, 2022. https://doi.org/10.1109/ACCESS.2021.3138093.

Downloads

Published

2025-03-31

How to Cite

Mansour, K., Fayyadh, B. E., Al-Lahham, Y., & Khafajeh, H. (2025). Effective Graphical Password Mechanism Using Two-Dimensional Shapes. International Journal of Computing, 24(1), 134-140. https://doi.org/10.47839/ijc.24.1.3884

Issue

2025, Volume 24, Issue 1

Section

Articles

License

International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:
•    Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
•    Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
•    Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.