Graphical passwords have been proposed to address known problems with traditional text passwords. For example, memorable user-chosen text passwords are predictable, but random system-assigned passwords are difficult to remember. We explore the usability effects of modifying system parameters to increase the security of a click-based graphical password system. Generally, usability tests for graphical passwords have used configurations resulting in password spaces smaller than that of common text passwords. Our two-part lab study compares the effects of varying the number of click-points and the image size, including when different configurations provide comparable password spaces. For comparable spaces, no usability advantage was evident between more click-points, or a larger image. This is contrary to our expectation that larger image size (with fewer click-points) might offer usability advantages over more click-points (with correspondingly smaller images). The results suggest promising opportunities for better matching graphical password system configurations to device constraints, or capabilities of individual users, without degrading usability. For example, more click-points could be used on smart-phone displays where larger image sizes are not possible.
26th Annual Computer Security Applications Conference, ACSAC 2010
School of Computer Science

Stobert, E, Forget, A. (Alain), Chiasson, S, Van Oorschot, P, & Biddle, R. (2010). Exploring usability effects of increasing security in click-based graphical passwords. Presented at the 26th Annual Computer Security Applications Conference, ACSAC 2010. doi:10.1145/1920261.1920273