Volume 9, Number 18, December 2019

A Mixed Login Scheme Performed on Mobile Device to Resist Multiple Attack

  Authors

Jie Wan¹, Liang Liu¹, Dai Hua² and Wei Liu³, ¹NanJing University of Aeronautics and Astronautics, China, ²Nanjing University of Post &Telecommunications, China and ³Nanjing Institute of technicians, China

  Abstract

Nowadays text-based password has been widely used in our daily life. However, rather than choose a complex text password people prefer to use a brief password so that they can remember it easily. Moreover, with the rapid increasing use of mobile applications, people often input passwords in public. Attacker can perform shoulder surfing attack to observe the password directly with naked eyes or some video record devices. In order to resist the shoulder surfing attack, a number of authentication schemes based on graph have been proposed. However, graph-based password is totally different from text-based password. It's difficult for users to memorize two different kinds of passwords. In this paper, we propose a mixed login scheme called MixedKey which mixes graphic and traditional textual password. The login indicator in the scheme is randomly and safely generated for each login. MixedKey divides each password into characters, which connects graphic and text-based password. Users could login our system in both public and private situations with just one password. We also implemented MixedKey and conducted experiments to measure the memorability and usability. The results show MixedKey outperforms the existing schemes.

  Keywords

Shoulder Surfing Attack, Graph-based Password, Text-based Password, Login Scheme

Conference Proceedings