15-05-2012, 11:05 AM
Graphical Password Authentication Using Cued Click Points
Introduction
Various graphical password schemes [14] have been proposed as alternatives to
text-based passwords. Research and experience have shown that text-based
passwords are fraught with both usability and security problems that make them less
than desirable solutions [21]. Psychology studies have revealed that the human
brain is better at recognizing and recalling images than text [8]; graphical
passwords are intended to capitalize on this human characteristic in hopes that by
reducing the memory burden on users, coupled with a larger full password space
offered by images, more secure passwords can be produced and users will not
resort to unsafe practices in order to cope.
Background and Related Work
Graphical password schemes can be grouped into three general categories based
on the type of cognitive activity required to remember the password:
recognition, recall, and cued recall [5, 12]. Recognition is the easiest for human memory
whereas pure recall is most difficult since the information must be accessed from
memory with no triggers. Cued recall falls somewhere between these two as it
offers a cue which should establish context and trigger the stored memory [12].
Among existing graphical passwords, CCP most closely resembles aspects
of Passfaces [9], Story [5], and PassPoints [19, 20]. Therefore these graphical
password schemes are presented in more detail. Conceptually, CCP is a blend of
the three; in terms of implementation, it is most similar to PassPoints. It also
avoids the complex user training requirements found in a number of graphical
password proposals, such as that of Weinshall [18].
Cued Click Points
Cued Click Points (CCP) is a proposed alternative to PassPoints. In CCP, users
click one point on each of c = 5 images rather than on five points on one image. It
offers cued-recall and introduces visual cues that instantly alert valid users if they
have made a mistake when entering their latest click-point (at which point they
can cancel their attempt and retry from the beginning). It also makes attacks
based on hotspot analysis more challenging, as we discuss later. As shown in
Figure 1, each click results in showing a next-image, in effect leading users down
a “path” as they click on their sequence of points. A wrong click leads down an
incorrect path, with an explicit indication of authentication failure only after the
final click.
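
The path behaviour described above, as an added sketch that is not code from the paper or the original post. The grid tolerance squares, the SHA-256 next-image function, the PBKDF2 storage and all names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac

C = 5           # clicks per password, one per image (from the text)
GRID = 20       # assumed tolerance-square size in pixels
N_IMAGES = 500  # assumed size of the image pool

def cell(click):
    """Map a pixel click to its tolerance square (assumed grid discretization)."""
    x, y = click
    return (x // GRID, y // GRID)

def next_image(user, image_id, click):
    """Same user, image and tolerance square always give the same next image."""
    gx, gy = cell(click)
    digest = hashlib.sha256(f"{user}|{image_id}|{gx}|{gy}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % N_IMAGES

def walk(user, first_image, clicks):
    """Follow the path: return the (image, cell) steps and the images reached."""
    shown, steps = [first_image], []
    for click in clicks:
        steps.append((shown[-1], cell(click)))
        shown.append(next_image(user, shown[-1], click))
    return steps, shown

def _digest(steps, salt):
    # Only a salted, stretched hash of the path is stored (assumed storage scheme).
    return hashlib.pbkdf2_hmac("sha256", repr(steps).encode(), salt, 100_000)

def enroll(user, first_image, clicks, salt):
    steps, _ = walk(user, first_image, clicks)
    return _digest(steps, salt)

def login(user, first_image, clicks, salt, stored):
    """Walk all C clicks first; accept or reject only after the final one."""
    if len(clicks) != C:
        return False
    steps, _ = walk(user, first_image, clicks)
    return hmac.compare_digest(_digest(steps, salt), stored)

# Constructed sample data
SALT = b"constructed-salt"
GOOD = [(105, 212), (40, 33), (310, 95), (222, 180), (61, 147)]
NEAR = [(119, 219), (59, 21), (301, 99), (239, 199), (79, 159)]  # same squares
BAD = [GOOD[0], (400, 300)] + GOOD[2:]  # wrong second click
```

A wrong click still yields a next image, so the server gives no explicit failure mid-sequence; the legitimate user notices the unfamiliar image, while the verdict comes only from the final comparison.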