Copyright © 2026 Authors retain the copyright of this article. This article is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
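% IJIRT manuscript 168531 (user-behaviour study of graphical password schemes).
% Names are stored as "Last, First" without honorifics so styles can sort and
% abbreviate them; the title carries no literal quotation marks (the style adds
% them); month uses the predefined macro; page range uses an en-dash (--).
@article{168531,
  author   = {Rokade, Anil Haribhau and Lomte, Santosh S.},
  title    = {An In-Depth Analysis of User Behavior in Graphical Password Schemes: Implications for Security},
  journal  = {International Journal of Innovative Research in Technology},
  year     = {2024},
  month    = oct,
  volume   = {11},
  number   = {5},
  pages    = {1119--1129},
  issn     = {2349-6002},
  url      = {https://ijirt.org/article?manuscript=168531},
  abstract = {Graphical password schemes have emerged as an alternative to traditional text-based passwords, offering a more intuitive and potentially more secure form of user authentication by leveraging the human brain’s natural ability to recall images and patterns. Despite their usability advantages, graphical passwords are still subject to significant vulnerabilities, particularly in relation to user behavior. This research investigates the impact of user behavior on the security and effectiveness of graphical password systems by analyzing how users create, remember, and reuse graphical passwords in three types of schemes: click-based, draw-a-secret, and recognition-based.
The study adopts a mixed-method approach, combining quantitative analysis of user interactions with qualitative feedback through surveys and interviews. A total of 100 participants were tested in a controlled environment, using graphical password systems that mimicked real-world authentication scenarios. Key metrics such as password creation time, recall success rates, and the complexity of passwords were tracked, along with user preferences and feedback regarding the ease of use and perceived security of each scheme.
The results reveal that users tend to prioritize simplicity and memorability over security. In click-based schemes, users often selected visually prominent hotspots, making passwords predictable and vulnerable to guessing attacks. Similarly, in draw-a-secret systems, users favored simple geometric patterns, which significantly reduced the password space and increased the risk of pattern-guessing attacks. Recognition-based systems, while offering higher security due to a larger pool of images, presented usability challenges, as users often struggled to recall unfamiliar or abstract images.
The findings underscore the critical trade-off between usability and security in graphical password systems. While these systems offer improved memorability compared to text-based passwords, user behavior—favoring convenience and simple patterns—compromises their security. The study also highlights the vulnerability of graphical passwords to shoulder surfing, as many graphical systems involve visible interactions that can be easily observed and replicated by attackers.
To enhance the security of graphical password schemes, the research proposes several design improvements. These include randomizing image backgrounds, incorporating complexity requirements for patterns, and providing real-time feedback to users regarding password strength. Additionally, combining graphical elements with text-based passwords in a hybrid authentication system could help balance usability and security.
Future research should focus on further improving the design of graphical password systems, particularly in terms of mitigating shoulder surfing risks and encouraging users to create more complex, unpredictable passwords. Additionally, exploring hybrid authentication methods and evaluating the long-term effectiveness of these systems in real-world environments will be key to enhancing the overall security of graphical password schemes.
This study contributes to the growing body of research on graphical passwords by providing a detailed analysis of user behavior and offering practical recommendations for improving both the security and usability of these systems.},
  keywords = {Graphical passwords, User behaviour, Authentication security, Password memorability, Shoulder surfing, Usability vs. security},
}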