of graphical passwords
In a quest for improved security, researchers at Australia’s
University of Newcastle (UoN) have developed software that uses
pictures instead of letters to produce what they term graphical
passwords. According to the lead researcher on the project, Jeff
Yan, graphical passwords are more than 1,000 times more secure than
ordinary textual passwords.
The work by Yan and co-researcher Paul Dunphy was initially based
on Draw a Secret (DAS), a graphical password research project
undertaken by New York University, Bell Labs (a unit of
telecommunications equipment group Alcatel-Lucent) and AT&T
Labs (a unit of telecommunications group AT&T). At the time the
joint research team carried out its work – the late 1990s – it
noted: “Our DAS scheme is motivated by the experimentally proven
fact that pictures are easier to remember than words.”
The UoN researchers were motivated by a similar viewpoint. “Many
people find it difficult to remember a password so choose words
that are easy to remember and therefore more susceptible to
hackers,” said Yan. However, he added: “The human mind has a much
greater capacity for remembering images.”
In essence, in the DAS system the user draws an image which is then
encoded. To identify the user, software recalls the strokes, along
with the number of times the pen is lifted. Yan and Dunphy took the
basic DAS a step further by superimposing a background over the
blank DAS grid, creating a system they have dubbed Background Draw
a Secret (BDAS). Yan explained that this helps users remember where
they began the drawing they are using as a password and also leads
to graphical passwords that are less predictable, longer and more
complex.
In a study conducted at UoN, it was found that the BDAS software
encouraged people to draw more complicated password images, for
example with a larger stroke count or length, which were less
symmetrical and did not start in the centre. This makes them much
harder for people or automated hacker programmes to guess,
according to Yan. “It may take longer to create the password
initially but it’s easier to remember and more secure as a result,”
he said.

The BDAS system does not require that a drawing be recreated
exactly as the original. The picture is recognised as identical if
the encoding is the same, not the drawing itself. What users must
remember is where they began on the grid and the order of their pen
strokes. Notably, after one week, 95 percent of the people who took part
in the UoN study were able, within three attempts, to recreate the
same image they had initially drawn.
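The encoding comparison described above, as an added sketch that is not the researchers' software: a drawing is reduced to the ordered grid cells each stroke enters plus a marker for every pen lift, so a shaky redraw matches while the same picture drawn in a different stroke order does not. The 5x5 grid, the `UP` marker, the SHA-256 storage step and the sample strokes are assumptions made for illustration.

```python
import hashlib
import hmac

GRID = 5        # assumed: 5x5 grid laid over a unit-square drawing area
PEN_UP = "UP"   # assumed marker appended each time the pen is lifted

def cell_of(point, grid=GRID):
    """Map an (x, y) point in [0, 1) x [0, 1) to the grid cell containing it."""
    x, y = point
    if not (0 <= x < 1 and 0 <= y < 1):
        raise ValueError(f"point {point} is outside the drawing area")
    return (int(x * grid), int(y * grid))

def encode(strokes, grid=GRID):
    """Ordered cells entered by each stroke, with a pen-up marker after each stroke."""
    encoding = []
    for stroke in strokes:
        last = None
        for point in stroke:
            cell = cell_of(point, grid)
            if cell != last:          # record a cell only when the pen enters it
                encoding.append(cell)
                last = cell
        encoding.append(PEN_UP)
    return encoding

def digest(strokes, grid=GRID):
    """Assumed storage form: hash of the encoding, so the drawing itself is never kept."""
    return hashlib.sha256(repr(encode(strokes, grid)).encode()).digest()

def matches(enrolled_digest, attempt, grid=GRID):
    """Constant-time comparison of the stored digest with a login attempt."""
    return hmac.compare_digest(enrolled_digest, digest(attempt, grid))

# Constructed sample drawings (not data from the study).
ENROLLED = [[(0.10, 0.10), (0.30, 0.12), (0.50, 0.15)],   # stroke 1: left to right
            [(0.50, 0.50), (0.52, 0.70)]]                 # stroke 2: downward
SLOPPY = [[(0.15, 0.05), (0.22, 0.08), (0.35, 0.18), (0.45, 0.10)],
          [(0.45, 0.55), (0.55, 0.65)]]                   # wobbly, but same cells
REORDERED = [ENROLLED[1], ENROLLED[0]]                    # same picture, strokes swapped
REVERSED = [ENROLLED[0][::-1], ENROLLED[1]]               # stroke 1 drawn right to left

if __name__ == "__main__":
    stored = digest(ENROLLED)
    for name, attempt in [("sloppy", SLOPPY), ("reordered", REORDERED), ("reversed", REVERSED)]:
        print(name, encode(attempt), "accepted" if matches(stored, attempt) else "rejected")
```

The sketch assumes points are sampled densely enough that no cell is skipped; strokes that run close to a grid line are the case where a small wobble changes the encoding.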
Yan has received a £66,000 ($140,00) grant from technology group
Microsoft to support his ongoing research.