Skip to main content

Picture password system promises to strengthen online security


Gail-Joon Ahn picture password protection
August 07, 2013

An Arizona State University computer scientist is working to strengthen the line of defense in online security with a password-protection system that potentially helps enhance security features of the Microsoft Windows 8 computer operating system.

Gail-Joon Ahn is leading work on a system that veers from using common text passwords to the use of patterns and images. Users select picture images to create unique three-part patterns as passwords for access to mobile telephones, e-tablets and Internet profiles. The patterns can consist of a tap, a circle or drawing a line on an image.

Later this month, Ahn’s research team will give a presentation on the work, titled “On the Security of Picture Gesture Authentication,” at the USENIX Security Symposium in Washington, D.C., a prominent gathering of leading computer security experts. The symposium is organized by USENIX, the Advanced Computing Systems Association.

Ahn is a professor in the School of Computing, Informatics and Decision Systems Engineering, one of ASU’s Ira A. Fulton Schools of Engineering. He is also founder and chief technology officer of GFS Technology Inc., an ASU-incubated company.

He has been researching the vulnerability of the Windows 8 password-protection system with a team that includes computer science doctoral student Ziming Zhao and computer science master’s degree student Jeong-Jin Seo, along with Hongxin Hu, an ASU graduate and now an assistant professor of computer and information sciences at Delaware State University.

Ahn says the system will provide significantly more security to protect Windows users from hackers who may use automated scripts to crack passwords.

The team began by identifying common traits in an experiment group’s selection of password patterns. They gathered data from a group of participants using Amazon.com, as well as from students who used the Windows 8 security platform to log into class work. The researchers found the users tended to pick predictable patterns to create passwords.

The patterns showed a common trend in concentrating patterns around an image’s “points of interest,” such as faces, eyeglasses or brightly colored objects. Ahn’s team developed algorithms that identified possible points of interest in images users created for password patterns.

“Based on the user habits and patterns, we created a ranked pattern dictionary,” he explains. With that finding, Ahn’s team was able to figure out the password patterns used by the experiment group – showing there was more work to be done to better protect the Windows 8 system.

The team created password-strength meters similar to those commonly used to test the effectiveness of common text passwords in remaining secure. By predetermining the strength of a pattern, users can guard against hacking by selecting unusual patterns that do not utilize obvious points of interest.

Ahn has been granted a provisional U.S. patent securing the results of his research while he and his team organize documentation and data for an application to have the system approved for a permanent patent.