Weizhi Meng¹, Fei Fei², Lijun Jiang², Zhe Liu³, Chunhua Su⁴, and Jinguang Han⁵
¹ Department of Applied Mathematics and Computer Science, Technical University of Denmark, Denmark
² Department of Computer Science, City University of Hong Kong, Hong Kong SAR
³ Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, Luxembourg
⁴ Division of Computer Science, University of Aizu, Japan
⁵ Department of Computer Science, University of Surrey, UK
Abstract. As traditional textual passwords suffer from many known limitations, graphical passwords (GPs) have been proposed as one promising alternative to complement the existing authentication systems. To obtain a large password space, map-based GPs (geographical passwords) have been developed that allow users to choose one or more places on a map for authentication. For example, PassMap requires users to choose two places as their credentials, and GeoPass enables users to click only one place for authentication. Some research studies have reported that choosing only one place as a password may not be secure enough, whereas selecting two places may decrease the system usability. In this work, we first conducted a study to learn how users would choose two places under PassMap, and found that users may choose two similar locations due to time considerations. Motivated by this observation, we then design CPMap, a click-points map-based GP scheme that allows users to first choose one place on a world map and then click a point or an object on an image relating to the previously selected location. To investigate the performance of CPMap, we conducted another user study with up to 50 participants. It is found that users could achieve promising results with our scheme in terms of both security and usability.
Keywords: User Authentication, Graphical Passwords, Map-based Passwords, Geographic Authentication, Security and Usability.
The paper was published in the IFIP SEC 2018 conference proceedings by Springer Verlag.