Conventional (text-based) passwords have shown patterns such as variations on the username, or known passwords such as "password", "admin" or "12345". Patterns may similarly be detected in the use of graphical passwords (GPs). The most significant such pattern – reported by many researchers – is hotspot clustering. This paper qualitatively analyses more than 200 graphical passwords for patterns other than the classically reported hotspots. The qualitative analysis finds that a significant percentage of passwords fall into a small set of patterns; patterns that can be used to form attack models against GPs. Conversely, these patterns can also be used to educate users so that future password selection is more secure. It is hoped that the outcome of this research will lead to improved behaviour and an enhancement in graphical password security.
Reference:
Vorster, J.S., Van Heerden, R.P. and Irwin, B. 2016. The pattern-richness of graphical passwords. 15th International Information Security South Africa Conference, 17-18 August 2016, Rosebank, Johannesburg, South Africa, DOI: 10.1109/ISSA.2016.7802931
Vorster, J., Van Heerden, R. P., & Irwin, B. (2016). The pattern-richness of graphical passwords. IEEE. http://hdl.handle.net/10204/9389
Copyright: 2016 IEEE. Due to copyright restrictions, the attached PDF file contains the accepted version of the published version. For access to the published version, kindly consult the publisher's website.