ABSTRACT
Authentication using images (i.e., graphical passwords) is claimed to be one of the alternatives for overcoming weaknesses in traditional username and password authentication. This paper reports on a study exploring the feasibility of combining two graphical password methods for better security. A graphical password prototype scheme, the Enhanced Graphical Authentication System (EGAS), was developed, which combines the methods of clicking on an image (i.e., click-based) and selecting a series of images (i.e., choice-based). The EGAS was tested by 30 participants randomly chosen from the authors’ university, and two evaluations were made: the user performance of the combined method, and the feasibility of authentication strategies toward the introduced method itself. Both evaluations produced positive results, which suggest that these methods could be combined effectively without impeding users.
Additional information
Notes on contributors
Mohd Zalisham Jali
Mohd Zalisham Jali gained a PhD from Plymouth University, UK, under the supervision of Prof. Steven Furnell and Assoc. Prof. Paul Dowland. Dr. Zalisham is now a senior lecturer at the Faculty of Science and Technology, USIM. He is a member of IEEE (Malaysia Section) and ISOC (Malaysia Section). His current research interests include authentication, usable security, human aspects of security, and psychology.
Steven M. Furnell
Steven Furnell gained a BSc (Hons) in computing and informatics from Plymouth University, UK, in 1992, followed by a PhD in information security from the same institution in 1995. His research interests continue to focus upon security issues, including user authentication, intrusion detection, usability, and security culture. Prof. Furnell is active within three working groups of the International Federation for Information Processing (IFIP): Information Security Management, Information Security Education, and Human Aspects of Information Security & Assurance. He is the author of more than 210 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society (2001) and Computer Insecurity: Risking the System (2005). Further details can be found at www.plymouth.ac.uk/cscan.
Paul S. Dowland
Paul Dowland graduated with first-class honors for his BSc, followed by a PhD in Information Security from Plymouth University. Dr. Paul Dowland is currently an associate professor in Information System Security within the Centre for Security, Communications and Network Research, Plymouth University. His current research interests include information system security, Internet and World Wide Web technologies, and online distance learning. Further details can be found at www.plymouth.ac.uk/cscan.