University of Otago
Graphical password schemes are believed to be more secure and more resilient to dictionary attacks than textual passwords, but more vulnerable to shoulder-surfing attacks. In this paper, the authors design a new graphical password scheme that has a larger password space than similar schemes and is more resilient to shoulder-surfing attacks. Personal entropies are integrated into the system as a user-aware behavior that reduces the false acceptance and false rejection rates. The user-aware personal entropy they employ is the binary pressure applied when drawing a secret on the screen; unlike conventional authentication schemes that use personal entropies, the binary pressure in their scheme is varied arbitrarily by the users and is not intuitive.