Optimal discretization for high-entropy graphical passwords


Creative Commons License

Bicakci K.

2008 23rd International Symposium on Computer and Information Sciences, ISCIS 2008, İstanbul, Turkey, 27 - 29 October 2008 identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/iscis.2008.4717862
  • City: İstanbul
  • Country: Turkey
  • Keywords: Authentication, Discretization, Graphical passwords, Password security
  • Istanbul Technical University Affiliated: No

Abstract

In click-based graphical password schemes that allow arbitrary click locations on image, a click should be verified as correct if it is close within a predefined distance to the originally chosen location. This condition should hold even when for security reasons the password hash is stored in the system, not the password itself. To solve this problem, a robust discretization method has been proposed[4], recently. In this paper, we show that previous work on discretization does not give optimal results with respect to the entropy of the graphical passwords and propose a new discretization method to increase the password space. To improve the security further, we also present several methods that use multiple hash computations for password verification. © 2008 IEEE.