Graphical Passwords for Smartphones

Vishal Patel

Stage 4 Physics Student, University of Kent

With the increased use of smartphones in recent years, more people have looked to secure their smartphones to prevent others from gaining access to sensitive information.

Most knowledge-based passwords are easy to ascertain and easy to describe to someone else, for example “Person X’s PIN is 1234”. This project aimed to use a graphical (image) password system instead of a standard numerical one, and to create a password system for smartphones that was more secure and more memorable than a simple PIN. Graphical password techniques are a method whereby a person is shown a series of images and must select a subset of these images to constitute their password.

This makes use of the fact that visual memory is generally stronger than conceptual memory, and hence graphical passwords are less easily forgotten. This is known as the picture superiority effect, which states that images or concepts are more easily remembered than words or numbers. Standard images face the same problem as knowledge-based passwords, in that they can be readily described to another person, so the project used irreducible images (images that are difficult to describe and convey), namely faces. A system was set up using the facial recognition software known as E-FIT (Electronic Facial Identification Technique), in which a person constructs a face made up of seven features: hair, eyebrows, eyes, nose, mouth, ears and facial shape. The user goes through a selection process to choose each of these features and generate a complete face.

The password entry system was tested by having the user remember their full password (the entire face) for around a minute and then showing them a partial password with 4 facial features missing. They were then presented with an image grid for each missing feature, each of which contained their previously chosen feature. As there were 12 images per feature, a choice of 1 in 12 for each of the 4 missing features gave odds of correctly guessing a password of 1 in 20,736, twice as secure as a standard PIN, which only offers 1 in 10,000.
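The guessing odds above can be checked and extended with a short calculation. This is an added example, not code from the project: it assumes every image and digit is chosen uniformly at random, uses a hypothetical lockout limit of 3 attempts, and shows how the figure changes if the interface were to confirm each feature grid separately rather than accepting or rejecting the whole face (the page does not say which the prototype did).

```python
from fractions import Fraction
from math import log2

# Figures from the text: 12 images per grid, 4 hidden features, 4-digit PIN.
GRID_SIZE, HIDDEN_FEATURES = 12, 4
PIN_DIGITS, PIN_LENGTH = 10, 4


def keyspace(choices: int, slots: int) -> int:
    """Number of distinct secrets when each slot is chosen independently."""
    return choices ** slots


def guess_success(space: int, attempts: int) -> Fraction:
    """Chance that `attempts` distinct uniform guesses include the secret."""
    return Fraction(min(attempts, space), space)


def worst_case_guesses(choices: int, slots: int, per_slot_feedback: bool) -> int:
    """Guesses needed to be certain of success.

    If the interface confirms each slot separately, slots can be searched
    one at a time (choices * slots); otherwise the whole space must be tried.
    """
    return choices * slots if per_slot_feedback else keyspace(choices, slots)


def compare(lockout: int = 3) -> dict:
    """Summarise both schemes; `lockout` is an assumed attempt limit."""
    out = {}
    for name, (c, s) in {"face": (GRID_SIZE, HIDDEN_FEATURES),
                         "pin": (PIN_DIGITS, PIN_LENGTH)}.items():
        space = keyspace(c, s)
        out[name] = {
            "space": space,
            "bits": round(log2(space), 2),
            "p_within_lockout": guess_success(space, lockout),
            "worst_case_with_feedback": worst_case_guesses(c, s, True),
        }
    return out


if __name__ == "__main__":
    for scheme, row in compare().items():
        print(scheme, row)
```

The 1 in 20,736 figure only holds when the four selections are judged together; with per-grid confirmation the worst case falls to 48 guesses, so a design of this kind should report success or failure once, after all grids are answered.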

Overall, only 24% of people managed to correctly enter all 4 missing features of their password. However, the majority of people were able to correctly remember and identify at least 3 features of their password, with only 4% of people being able to remember no parts of their passwords. In addition, 64% of all missing features were entered correctly, suggesting that people do tend to remember faces well. However, the results show that the password method used in this project could use some improvement, such as using images of higher quality.
