Starting around 1999, a great many graphical password schemes have been proposed as
alternatives to text-based password authentication. We provide a comprehensive overview …

We evaluate two decades of proposals to replace text passwords for general-purpose user
authentication on the web using a broad set of twenty-five usability, deployability and …

Password authentication is still ubiquitous although alternatives have been developed to
overcome its shortcomings such as high cognitive load for users. Using an objective rating …

We provide the first published estimates of the difficulty of guessing a human-chosen 4-digit
PIN. We begin with two large sets of 4-digit sequences chosen outside banking for online …

Many security primitives are based on hard mathematical problems. Using hard AI problems
for security is emerging as an exciting new paradigm, but has been under-explored. In this …

Graphical password systems based upon the recall and reproduction of visual patterns (eg
as seen on the Google Android platform) are assumed to have desirable usability and …

We introduce and evaluate various methods for purely automated attacks against
PassPoints-style graphical passwords. For generating these attacks, we introduce a graph …

Challenging the conventional wisdom that users cannot remember cryptographically-strong
secrets, we test the hypothesis that users can learn randomly-assigned 56-bit codes …

Abstract Design of the user interface for authentication systems influences users and may
encourage either secure or insecure behaviour. Using data from four different but closely …

We provide an in-depth study of the security of click-based graphical password schemes like
PassPoints (Weidenbeck et al., 2005), by exploring popular points (hot-spots), and …