On Purely Automated Attacks and Click-Based Graphical Passwords

The authors present and evaluate various methods for purely automated attacks against click-based graphical passwords. The purely automated methods combine click-order heuristics with focus-of-attention scan-paths generated from Itti et al.'s (1998) computational model of visual attention. Graphical passwords are an alternative to traditional text passwords, whereby a user must remember an image (or parts of an image) in place of a word. They are motivated in part by the well-known fact that people are better at remembering images than words. There are many different types of graphical passwords; among the more popular approaches is click-based graphical passwords, which require users to click on a sequence of points on one or more background images.