Research Student Profile

Dr Mohd Zalisham Jali PhD

Research Student

Enhancing User Authentication using Graphical Techniques

Authenticating users by means of passwords is still the dominant form of authentication despite its recognised weaknesses. To address this, authenticating users with images or pictures (i.e. graphical passwords) has been proposed as one possible alternative, as it is claimed that pictures are easy to remember, easy to use and offer considerable security. A review of the literature from the last twenty years found that few graphical password schemes have successfully been applied as the primary user authentication mechanism, with many studies reporting that their proposed scheme was better than its predecessors and normally comparing it with traditional password-based authentication. In addition, opportunities for further research remain in areas such as image selection, image storage and retrieval, memorability (i.e. the user’s ability to remember passwords), predictability, applicability to multiple platforms, as well as users’ familiarity.

Motivated by the above findings and hoping to reduce the aforementioned issues, this thesis reports upon a series of graphical password studies that compare existing methods, develop a novel alternative scheme, and introduce guidance for users before they start selecting their password. Specifically, two studies comparing graphical password methods were conducted with the specific aims of evaluating users’ familiarity with and perception of graphical methods and of examining the performance of graphical methods in the web environment. To investigate the feasibility of combining two graphical methods, a novel graphical method known as EGAS (Enhanced Graphical Authentication System) was developed and tested in terms of its ease of use, ideal secret combination, ideal login strategies, effect of using smaller tolerances (i.e. areas where the click is still accepted) as well as users’ familiarity. In addition, graphical password guidelines (GPG) were introduced and deployed within the EGAS prototype, in order to evaluate their potential to assist users in creating appropriate password choices.

From these studies, the thesis provides an alternative classification for graphical password methods by looking at the users’ tasks when authenticating into the system; namely click-based, choice-based, draw-based and hybrid. Findings from the comparative studies revealed that although a number of participants stated that they were aware of the existence of graphical passwords, they actually had little understanding of the methods involved. Moreover, the methods of selecting a series of images (i.e. choice-based) and clicking on the image (i.e. click-based) can both be used for web-based authentication, as both reported complementary results. With respect to EGAS, the studies have shown that combining two graphical methods is possible and does not introduce negative effects upon the resulting usability. User familiarity with the EGAS software prototype also improved as participants used the software over periods of time, with improvement shown in login time, accuracy and login failures.

Based on the above findings, the research proposes that users’ familiarity is one of the key elements in deploying any graphical method, and that appropriate HCI guidelines should be considered and employed during development of the scheme. Additionally, employing the guidelines within the graphical method, rather than treating them as a separate entity in user authentication, is also recommended. Beyond that, elements such as reducing predictability, testing with multiple usage scenarios and platforms, as well as flexibility with respect to tolerance should be the focus for future research.

Dr Mohd Zalisham Jali

Director of studies: Prof Steven M Furnell
Other supervisors: Dr Paul S Haskell-Dowland

Journal papers

Investigating the Viability of Multifactor Graphical Passwords for User Authentication
Jali MZ, Furnell SM, Haskell-Dowland PS (Dowland PS)
Information Security Journal: A Global Perspective, 00:1–12, ISSN: 1939-3555, Published online: 18 Apr 2014, 2014

Assessing image-based authentication techniques in a web-based environment
Jali MZ, Furnell SM, Haskell-Dowland PS (Dowland PS)
Information Management & Computer Security, Vol.18, Iss.1, pp43-53, 2010

2 Journal papers

Conference papers

Multifactor Graphical Passwords: An Assessment of End-User Performance
Jali MZ, Furnell SM, Haskell-Dowland PS (Dowland PS)
Proceedings of the 7th International Conference of Information Assurance & Security (IAS2011), Melaka, Malaysia, 5-8 December 2011. IEEE 978-1-4577-2153-3, 2011

Quantifying the effect of graphical password guidelines for better security
Jali MZ, Furnell SM, Haskell-Dowland PS (Dowland PS)
Future Challenges in Security and Privacy for Academia and Industry (SEC 2011), Lucerne, Switzerland, 7-9 June 2011. Volume 354/2011, Springer-Verlag, pp80-91, 2011

Evaluating Web-Based User Authentication using Graphical Techniques
Jali MZ, Furnell SM, Haskell-Dowland PS (Dowland PS)
Proceedings of the Third International Symposium on Human Aspects of Information Security & Assurance (HAISA 2009), Athens, Greece, ISBN: 978-1-84102-231-4, pp108-118, 2009

3 Conference papers

Internal publications

A Survey of User Opinions and Preference Towards Graphical Authentication
Jali MZ, Furnell SM, Haskell-Dowland PS (Dowland PS), Reid F
Proceedings of the Fourth Collaborative Research Symposium on Security, E-learning, Internet and Networking (SEIN 2008), Wrexham, UK, ISBN: 978-1-84102-196-6, pp11-20, 2008

1 Internal publications

6 publication(s) - all categories.