CMAPS: A Chess-Based Multi-Facet Password Scheme for Mobile Devices

It has long been recognized, by both security researchers and human–computer interaction researchers, that no silver bullet for authentication exists to achieve security, usability, and memorability. Aiming to achieve the goals, we propose a Multi-fAcet Password Scheme (MAPS) for mobile authentication. MAPS fuses information from multiple facets to form a password, allowing MAPS to enlarge the password space and improve memorability by reducing memory interference, which impairs memory performance according to psychology interference theory. The information fusion in MAPS can increase usability, as fewer input gestures are required for passwords of the same security strength. Based on the idea of MAPS, we implement a Chess-based MAPS (CMAPS) for Android systems. Only two and six gestures are required for CMAPS to generate passwords with better security strength than 4-digit PINs and 8-character alphanumeric passwords, respectively. Our user studies show that CMAPS can achieve high recall rates while exceeding the security strength of standard 8-character alphanumeric passwords used for secure applications.

• Publication year

  2018

• Venue

  IEEE Access

• Publication date

  2018-09-28

• Fields of study

  Computer Science

• Identifiers
  DOI 10.1109/ACCESS.2018.2872772
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• The Quest to Replace Passwords : a Framework for Comparative Evaluation of Web Authentication Schemes

  2016cited by this paper
• SwiPIN: Fast and Secure PIN-Entry on Smartphones

  2015influential reference
• Graphical Passwords in the Wild: Understanding How Users Choose Pictures and Passwords in Image-based Authentication Schemes

  2015cited by this paper
• TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems

  2014cited by this paper
• Now you see me, now you don't: protecting smartphone authentication from shoulder surfers

  2014cited by this paper
• Does Gamification Work? -- A Literature Review of Empirical Studies on Gamification

  2014cited by this paper
• Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method

  2014cited by this paper
• On the Security of Picture Gesture Authentication

  2013cited by this paper
• A visual dictionary attack on Picture Passwords

  2013cited by this paper
• Picassopass: a password scheme using a dynamically layered combination of graphical elements

  2013cited by this paper
• Quantifying the security of graphical passwords: the case of android unlock patterns

  2013cited by this paper
• Age-related performance issues for PIN and face-based authentication systems

  2013cited by this paper
• Gamifying authentication

  2012cited by this paper
• Graphical passwords: Learning from the first twelve years

  2012cited by this paper
• A Research Agenda Acknowledging the Persistence of Passwords

  2012cited by this paper
• Do you see your password?: applying recognition to textual passwords

  2012cited by this paper
• Shoulder surfing defence for recall-based graphical passwords

  2011cited by this paper
• Can users remember their pictorial passwords six years later

  2011cited by this paper
• A New Graphical Password Scheme Resistant to Shoulder-Surfing

  2010cited by this paper
• Gamification : Using Game Design Elements in Non-Gaming Contexts

  2010cited by this paper
• Keyboard Performance: iPad Versus Netbook

  2010cited by this paper
• The Picture Superiority Effect in Recognition Memory: a developmental study

  2009cited by this paper
• Towards Identifying Usability and Security Features of Graphical Password in Knowledge Based Authentication Technique

  2008cited by this paper
• Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords

  2007cited by this paper
• UvA-DARE ( Digital Academic Repository ) Models for recall and recognition

  2006cited by this paper
• PassPoints: Design and longitudinal evaluation of a graphical password system

  2005cited by this paper
• Elements of Information Theory

  2005cited by this paper
• On User Choice in Graphical Password Schemes

  2004cited by this paper
• An investigation into low mail survey response rates of information technology users in health care organizations

  2003cited by this paper
• This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication

  2000cited by this paper
• Text entry using soft keyboards

  1999cited by this paper
• The Design and Analysis of Graphical Passwords

  1999influential reference
• Memory interference and misinformation effects

  1995influential reference
• Recognition memory for words, sentences, and pictures

  1967cited by this paper
• SHORT-TERM MEMORY FOR COMPLEX MEANINGFUL VISUAL CONFIGURATIONS: A DEMONSTRATION OF CAPACITY.

  1965cited by this paper

• Secure Chess-Based Data Exchange and User Validation

  2022cites this paper
• Layered Battleship Game Changer Password System

  2022cites this paper
• Better, Funner, Stronger: A Gameful Approach to Nudge People into Making Less Predictable Graphical Password Choices

  2021cites this paper
• ECC-based Secure and Lightweight Authentication Protocol for Mobile Environment

  2019cites this paper
• USER AUTHENTICATION CONCEPT: A COMPLETE REVIEW

  2019cites this paper