A Novel Hybrid Password Authentication Scheme Based on Text and Image

  • Ian Mackie
  • Merve Yıldırım
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10980)


Considering the popularity and wide deployment of text passwords, we predict that they will be used as a prevalent authentication mechanism for many years to come. Thus, we have carried out studies on mechanisms to enhance text passwords. These studies suggest that password space and memorability should be improved with an additional mechanism based on images. The combination of text and images increases resistance to some password attacks, such as brute force and observing attacks. We propose a hybrid authentication scheme integrating text and recognition-based graphical passwords. This authentication scheme can reduce phishing attacks because, if users are deceived into sharing their key passwords, there is still a chance to save the complete password, as attackers do not know the users’ image preferences. In addition to the security aspect, the proposed authentication scheme increases memorability, as it does not require users to remember long and complex passwords. Thus, with the proposed scheme, users will be able to create strong passwords without sacrificing usability. The hybrid scheme also offers an enjoyable sign-in/log-in experience to users.


Keywords: Passwords, Authentication, Recognition-based graphical passwords



Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  1. Department of Informatics, University of Sussex, Brighton, UK
