Predicting Graphical Passwords

Over the last decade, the popularity of graphical passwords has increased tremendously. They can now be found on various devices and systems, including platforms such as the Windows 8 and Android operating systems. In this paper, we focus on the PassPoints graphical-password scheme and investigate the extent to which these passwords might be predicted based on knowledge of the individual (e.g., their age, gender, education, learning style). We are particularly interested in understanding whether graphical passwords may suffer the same weaknesses as textual passwords, which are often strongly correlated with an individual using memorable information (such as the individuals spouses, pets, preferred sports teams, children, and so on). This paper also introduces a novel metric for graphical-password strength to provide feedback to an individual without the requirement of knowing the image or having password statistics a priori.