Academy & Industry Research Collaboration Center (AIRCC)

Volume 9, Number 18, December 2019

A Mixed Login Scheme Performed on Mobile Device to Resist Multiple Attack


Jie Wan1, Liang Liu1, Dai Hua2 and Wei Liu3, 1NanJing University of Aeronautics and Astronautics, China, 2Nanjing University of Post &Telecommunications, China and 3Nanjing Institute of technicians, China


Nowadays text-based password has been widely used in our daily life. However, rather than choose a complex text password people prefer to use a brief password so that they can remember it easily. Moreover, with the rapid increasing use of mobile applications, people often input passwords in public. Attacker can perform shoulder surfing attack to observe the password directly with naked eyes or some video record devices. In order to resist the shoulder surfing attack, a number of authentication schemes based on graph have been proposed. However, graph-based password is totally different from text-based password. It's difficult for users to memorize two different kinds of passwords. In this paper, we propose a mixed login scheme called MixedKey which mixes graphic and traditional textual password. The login indicator in the scheme is randomly and safely generated for each login. MixedKey divides each password into characters, which connects graphic and text-based password. Users could login our system in both public and private situations with just one password. We also implemented MixedKey and conducted experiments to measure the memorability and usability. The results show MixedKey outperforms the existing schemes.


Shoulder Surfing Attack, Graph-based Password, Text-based Password, Login Scheme