Persuasive Cued Click-Points: Design, implementation, and evaluation of a knowledge-based authentication mechanism


Abstract—This paper presents an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme,
including usability and security evaluations, and implementation considerations. An important usability goal for knowledge-based
authentication systems is to support users in selecting passwords of higher security, in the sense of being from an expanded
effective security space. We use persuasion to influence user choice in click-based graphical passwords, encouraging users to
select more random, and hence more difficult to guess, click-points.
Index Terms—authentication, graphical passwords, usable security, empirical studies


The problems of knowledge-based authentication,
typically text-based passwords, are well known.
Users often create memorable passwords that are easy
for attackers to guess, but strong system-assigned
passwords are difficult for users to remember [6].
A password authentication system should encourage
strong passwords while maintaining memorability.
We propose that authentication schemes allow
user choice while influencing users towards stronger
passwords. In our system, the task of selecting weak
passwords (which are easy for attackers to predict)
is more tedious, discouraging users from making
such choices. In effect, this approach makes choosing
a more secure password the path-of-least-resistance.
Rather than increasing the burden on users, it is
easier to follow the system’s suggestions for a secure
password — a feature lacking in most schemes.