Computer science and engineering professor Gail-Joon Ahn and his research team surveyed a Microsoft Windows 8 picture password system to see how it can be a secure alternative to the traditional text passwords.
In the system, a user can select a photo of his or her choice by creating a three-part pattern password for any electronics including a laptop, smartphone or a tablet.
“You can use three (password) gestures, such as a tap, a circle or a line,” Ahn said.
The picture password system was first introduced on the Microsoft Windows 8 operating system. Ahn’s team is now testing the system through a study that included 700 participants.
The team is looking to improve the system and discover the kind of patterns the participants had.
“We are trying to understand what are the tendencies, what are the behavior and analysis of the users,” Ahn said.
Earlier this month, Ahn and his research team had a presentation on online security and passwords at the USENIX Security Symposium, a meeting of leading computer security experts in Washington, D.C.
Ahn’s research team includes computer science graduate student Ziming Zhao and ASU alumnus Hongxin Hu.
Hu, who now teaches at Delaware State University, said the picture password system is a safer system than the text password.
“It is well-known that text passwords have some security limitations,” he said. “First, they are difficult to remember. This is why users normally set up simple passwords.”
Hu said their research proved that text passwords are easier for hackers to crack.
“Some research work has indicated a large number of existing text passwords can be broken easily,” he said. “Second, users like to reuse text passwords. Many people are using the same text passwords for at least two accounts.”
Hu said the team presented its research paper titled “On the Security of Picture Gesture Authentication” during the symposium.
“Our presentation attracted the attention of leading computer security experts on the security of this new authentication mechanism,” he said.
While researching the system, Ahn and his team noticed that some of the participants were using the same pattern of passwords or what he called a “point of interest.”
After recognizing the patterns, the team began cracking passwords and was able to figure many of the participant’s password habits.
Ahn recommended that participants use more complex picture passwords. He said the most common password patterns were objects of the face, eyes or a color.
Zhao said that their presentation was about 20 to 30 minutes and after, they answered questions from researchers who were interested at the system.
Reach the reporter at firstname.lastname@example.org or follow her on Twitter @stephguzmannews