Graphical passwords as browser extension: Implementation and usability study

Creative Commons License

Bicakci K., Yuceel M., Erdeniz B., Gurbaslar H., Atalay N. B.

3rd IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2009, Indiana, United States Of America, 15 - 19 June 2009, vol.300, pp.15-29 identifier

  • Publication Type: Conference Paper / Full Text
  • Volume: 300
  • Doi Number: 10.1007/978-3-642-02056-8_2
  • City: Indiana
  • Country: United States Of America
  • Page Numbers: pp.15-29
  • Keywords: Authe ntication, Graphical password, Password manager, Usable security
  • Istanbul Technical University Affiliated: No


© IFIP International Federation for Information Processing 2009.Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. specifically; we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.