HapticPoints: The Extended PassPoints Graphical Password

  • Trust Ratchasan
  • Rungrat Wiangsripanawan
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11402)


The most common issue with alphanumeric passwords is that users tend to create weak passwords, because strong passwords are difficult to recognise and memorise. Graphical password authentication is one approach to addressing the memorability problem of alphanumeric passwords. Wiedenbeck et al. propose PassPoints, in which a password is a sequence of any 5 to 8 user-selected click points on a system-assigned image. Nevertheless, PassPoints still faces the problems of predictable click points and shoulder surfing attacks. In this paper, we propose an alternative graphical password system on smartphones called HapticPoints. By adding haptic feedback to PassPoints as additional decoy click points, the aforementioned problems can be prevented without requiring users to perform any additional memory task. We also conduct a user study to evaluate and compare the usability of HapticPoints and PassPoints.


Keywords: User authentication; Passwords; Graphical passwords; Usable security; Shoulder surfing attack; PassPoints


References

  1. Li, J., Jiang, Y., Fan, R.: Recognition of biological signal mixed based on wavelet analysis. In: Jiang, Y., et al. (eds.) Proceedings of UK-China Sports Engineering Workshop, pp. 1–8. World Academic Union, Liverpool (2007)
  2. Dewri, R., Chakraborti, N.: Simulating recrystallization through cellular automata and genetic algorithms. Model. Simul. Mater. Sci. Eng. 13(3), 173–183 (2005)
  3. Gray, A.: Modern Differential Geometry. CRE Press (1998)
  4. Florencio, D., Herley, C.: A large-scale study of web password habits. In: Proceedings of the International Conference on World Wide Web (WWW 2007), pp. 657–666 (2007)
  5. Biddle, R., Chiasson, S., van Oorschot, P.: Graphical passwords: learning from the first twelve years. Carleton University - School of Computer Science, Technical report TR-11-01, 4 January 2011
  6. Blonder, G.E.: Graphical passwords. United States Patent 5559961 (1996)
  7. Dirik, A., Memon, N., Birget, J.: Modeling user choice in the passpoints graphical password scheme. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 20–28. ACM (2007)
  8. Thorpe, J., van Oorschot, P.: Human-seeded attacks and exploiting hot-spots in graphical passwords. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, pp. 8:1–8:16. USENIX Association (2007)
  9. Enso, B.: How Consumers Remember Passwords. Forrester Research Report, 2 June 2004
  10. Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D.: The design and analysis of graphical passwords. In: Proceedings of USENIX Security Symposium (1999)
  11. Dunph, P., Yan, J.: Do background images improve “Draw a Secret” graphical passwords? In: Proceedings of 14th ACM Conference on Computer and Communications Security, Virginia, USA, 28–31 October 2007, pp. 36–47. ACM Press, New York (2007)
  12. Gao, H.C., Guo, X.W., Chen, X.P., Wang, L.M., Liu, X.Y.: YAGP: yet another graphical password strategy. In: Proceedings of 24th Annual Computer Security Applications Conference (ACSAC 2008), California, USA, 8–12 August 2008, pp. 121–129 (2008)
  13. Tao, H.: Pass-Go, a new graphical password scheme. Master Thesis, University of Ottawa Canada, June 2006
  14. Hayashi, E., Dhamija, R., Christin, N., Perrig, A.: Use your illusion: secure authentication usable anywhere. In: Proceedings of SOUPS 2008. ACM (2008)
  15. Dhamija, R., Perrig, A.: Deja Vu: a user study using images for authentication. In: Proceedings of 9th USENIX Security Symposium (2000)
  16. Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A., Memon, N.: PassPoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum.-Comput. Stud. 63, 102–127 (2005)
  17. Stubblefield, A., Simon, D.R.: Inkblot authentication. Microsoft Technical report MSR-TR-2004-85 (2004)
  18. Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J.: Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: International Working Conference on Advanced Visual Interfaces (AVI), May 2006
  19. Narayanan, A., Shmatikov, V.: Fast dictionary attacks on passwords using time-space tradeoff. In: ACM Conference on Computer and Communications Security (CCS), November 2005
  20. Chiasson, S., et al.: Multiple Password Interference in Text Passwords and Click-Based Graphical Passwords. ACM (2009)
  21. Gołofit, K.: Click passwords under investigation. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 343–358. Springer, Heidelberg (2007)
  22. Chiasson, S., Forget, A., Biddle, R., van Oorschot, P.: Influencing users towards better passwords: persuasive cued click-points. In: Human Computer Interaction (HCI), The British Computer Society, September 2008
  23. Alshehri, M.N., Crawford, H.: Using image saliency and regions of interest to encourage stronger graphical passwords. In: ACSAC 2016, Los Angeles, CA, USA, December 2016
  24. Kummerer, M., Theis, L., Bethge, M.: Deep Gaze I: boosting saliency prediction with feature maps trained on ImageNet. arXiv preprint arXiv:1411.1045 (2014)
  25. Lewis, J.R.: IBM computer usability satisfaction questionnaires: psychometric evaluation and instructions for use. Int. J. Hum.-Comput. Interact. 7, 57–78 (1995)
  26. Nicholson, J.: Design of a multi-touch shoulder surfing resilient graphical password. Dissertation, Newcastle University (2009)
  27. Tari, F., Ozok, A.A., Holden, S.: A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: SOUPS 2006. ACM (2006)
  28. Kim, D., Dunphy, P., Briggs, P., Hook, J., Nicholson, J., Olivier, P.: Multi-touch authentication on tabletops. In: CHI 2010. ACM (2010)
  29. Zakaria, N.H., Griffiths, D., Brostoff, S., Yan, J.: Shoulder surfing defence for recall-based graphical passwords. In: SOUPS 2011. ACM (2011)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Computer Science, Faculty of Science, King Mongkut’s Institute of Technology Ladkrabang, Bangkok, Thailand
