Click-based graphical passwords, which involve clicking a set of user-selected points, have been proposed as a usable alternative to text passwords. We conducted two user studies: an initial lab study to revisit these usability claims, explore for the first time the impact on usability of a wide-range of images, and gather information about the points selected by users; and a large-scale field study to examine how click-based graphical passwords work in practice. No such prior field studies have been reported in the literature. We found significant differences in the usability results of the two studies, providing empirical evidence that relying solely on lab studies for security interfaces can be problematic. We also present a first look at whether interference from having multiple graphical passwords affects usability and whether more memorable passwords are necessarily weaker in terms of security.

Additional Metadata
Keywords Authentication, Graphical passwords, Usable security, User study
Persistent URL dx.doi.org/10.1145/1280680.1280682
Conference SOUPS 2007: 3rd Symposium On Usable Privacy and Security
Citation
Chiasson, S, Biddle, R, & Van Oorschot, P. (2007). A second look at the usability of click-based graphical passwords. Presented at the SOUPS 2007: 3rd Symposium On Usable Privacy and Security. doi:10.1145/1280680.1280682