{"id":"https://openalex.org/W2117436924","doi":"https://doi.org/10.1145/1284680.1284685","title":"On predictive models and user-drawn graphical passwords","display_name":"On predictive models and user-drawn graphical passwords","publication_year":2008,"publication_date":"2008-01-01","ids":{"openalex":"https://openalex.org/W2117436924","doi":"https://doi.org/10.1145/1284680.1284685","mag":"2117436924"},"language":"en","primary_location":{"id":"doi:10.1145/1284680.1284685","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1284680.1284685","pdf_url":null,"source":{"id":"https://openalex.org/S2642811","display_name":"ACM Transactions on Information and System Security","issn_l":"1094-9224","issn":["1094-9224","1557-7406"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Information and System Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011846293","display_name":"Paul C. van Oorschot","orcid":"https://orcid.org/0000-0002-5038-5370"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"P. C. van Oorschot","raw_affiliation_strings":["Carleton University, Ottawa, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Ottawa, Ontario, Canada","institution_ids":["https://openalex.org/I67031392"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5000647973","display_name":"Julie Thorpe","orcid":"https://orcid.org/0000-0002-6629-158X"},"institutions":[{"id":"https://openalex.org/I67031392","display_name":"Carleton University","ror":"https://ror.org/02qtvee93","country_code":"CA","type":"education","lineage":["https://openalex.org/I67031392"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Julie Thorpe","raw_affiliation_strings":["Carleton University, Ottawa, Ontario, Canada"],"affiliations":[{"raw_affiliation_string":"Carleton University, Ottawa, Ontario, Canada","institution_ids":["https://openalex.org/I67031392"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5011846293"],"corresponding_institution_ids":["https://openalex.org/I67031392"],"apc_list":null,"apc_paid":null,"fwci":27.1146,"has_fulltext":false,"cited_by_count":107,"citation_normalized_percentile":{"value":0.99497167,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":100},"biblio":{"volume":"10","issue":"4","first_page":"1","last_page":"33"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9800000190734863,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12553","display_name":"Psychedelics and Drug Studies","score":0.9797000288963318,"subfield":{"id":"https://openalex.org/subfields/3203","display_name":"Clinical Psychology"},"field":{"id":"https://openalex.org/fields/32","display_name":"Psychology"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9519602656364441},{"id":"https://openalex.org/keywords/cognitive-password","display_name":"Cognitive password","score":0.8434431552886963},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.804490327835083},{"id":"https://openalex.org/keywords/s/key","display_name":"S/KEY","score":0.5971066951751709},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.565270185470581},{"id":"https://openalex.org/keywords/password-policy","display_name":"Password policy","score":0.5562708377838135},{"id":"https://openalex.org/keywords/password-strength","display_name":"Password strength","score":0.534197986125946},{"id":"https://openalex.org/keywords/password-cracking","display_name":"Password cracking","score":0.4813326299190521},{"id":"https://openalex.org/keywords/one-time-password","display_name":"One-time password","score":0.38567808270454407},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.37773436307907104},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.33571550250053406},{"id":"https://openalex.org/keywords/human\u2013computer-interaction","display_name":"Human\u2013computer interaction","score":0.333212673664093},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.11966335773468018}],"concepts":[{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9519602656364441},{"id":"https://openalex.org/C23875713","wikidata":"https://www.wikidata.org/wiki/Q5141232","display_name":"Cognitive password","level":5,"score":0.8434431552886963},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.804490327835083},{"id":"https://openalex.org/C4957475","wikidata":"https://www.wikidata.org/wiki/Q242186","display_name":"S/KEY","level":3,"score":0.5971066951751709},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.565270185470581},{"id":"https://openalex.org/C98705547","wikidata":"https://www.wikidata.org/wiki/Q3394687","display_name":"Password policy","level":4,"score":0.5562708377838135},{"id":"https://openalex.org/C70530487","wikidata":"https://www.wikidata.org/wiki/Q1990841","display_name":"Password strength","level":4,"score":0.534197986125946},{"id":"https://openalex.org/C3847113","wikidata":"https://www.wikidata.org/wiki/Q2746524","display_name":"Password cracking","level":5,"score":0.4813326299190521},{"id":"https://openalex.org/C89479133","wikidata":"https://www.wikidata.org/wiki/Q1137840","display_name":"One-time password","level":3,"score":0.38567808270454407},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.37773436307907104},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.33571550250053406},{"id":"https://openalex.org/C107457646","wikidata":"https://www.wikidata.org/wiki/Q207434","display_name":"Human\u2013computer interaction","level":1,"score":0.333212673664093},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.11966335773468018}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/1284680.1284685","is_oa":false,"landing_page_url":"https://doi.org/10.1145/1284680.1284685","pdf_url":null,"source":{"id":"https://openalex.org/S2642811","display_name":"ACM Transactions on Information and System Security","issn_l":"1094-9224","issn":["1094-9224","1557-7406"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Information and System Security","raw_type":"journal-article"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.216.3090","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.216.3090","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.scs.carleton.ca/~paulv/papers/tissec-jan08.pdf","raw_type":"text"},{"id":"pmh:oai:CiteSeerX.psu:10.1.1.216.5451","is_oa":false,"landing_page_url":"http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.216.5451","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"http://www.scs.carleton.ca/~paulv/papers/DAS_journal_preprint.pdf","raw_type":"text"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.46000000834465027,"display_name":"Quality Education","id":"https://metadata.un.org/sdg/4"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W42204834","https://openalex.org/W72173724","https://openalex.org/W97603265","https://openalex.org/W1485033854","https://openalex.org/W1499655453","https://openalex.org/W1503108337","https://openalex.org/W1505010935","https://openalex.org/W1591302859","https://openalex.org/W1650977141","https://openalex.org/W1660562555","https://openalex.org/W1765803531","https://openalex.org/W1829152331","https://openalex.org/W1921097329","https://openalex.org/W1971300091","https://openalex.org/W1995875735","https://openalex.org/W2016453004","https://openalex.org/W2030993695","https://openalex.org/W2032230066","https://openalex.org/W2034966184","https://openalex.org/W2037600435","https://openalex.org/W2053154747","https://openalex.org/W2061956102","https://openalex.org/W2067883329","https://openalex.org/W2069266256","https://openalex.org/W2091770789","https://openalex.org/W2093174770","https://openalex.org/W2098841294","https://openalex.org/W2111465783","https://openalex.org/W2115218409","https://openalex.org/W2121386924","https://openalex.org/W2123097583","https://openalex.org/W2124192318","https://openalex.org/W2125927592","https://openalex.org/W2129088386","https://openalex.org/W2134909295","https://openalex.org/W2161032904","https://openalex.org/W2335357986","https://openalex.org/W2394560680","https://openalex.org/W2402606581","https://openalex.org/W2612724383","https://openalex.org/W2752929869"],"related_works":["https://openalex.org/W2969720675","https://openalex.org/W1982158666","https://openalex.org/W3131491961","https://openalex.org/W2953105088","https://openalex.org/W2596766976","https://openalex.org/W2916013051","https://openalex.org/W2017283799","https://openalex.org/W4302810031","https://openalex.org/W1847856596","https://openalex.org/W4294993944"],"abstract_inverted_index":{"In":[0],"commonplace":[1],"text-based":[2],"password":[3,81,112,140,152,202,214,221,227],"schemes,":[4],"users":[5,44],"typically":[6],"choose":[7,47],"passwords":[8,33,66],"that":[9,76,177,187,211],"are":[10,17,36,67],"easy":[11],"to":[12,20,27,39,46,54,107,182,194],"recall,":[13],"exhibit":[14],"patterns,":[15],"and":[16,56,118,175,225],"thus":[18],"vulnerable":[19,38],"brute-force":[21],"dictionary":[22,40],"attacks.":[23],"This":[24],"leads":[25],"us":[26,106],"ask":[28],"whether":[29],"other":[30],"types":[31],"of":[32,43,60,111,125,132,154,166,199],"(e.g.,":[34,115],"graphical)":[35],"also":[37],"attack":[41,86],"because":[42],"tending":[45],"memorable":[48],"passwords.":[49],"We":[50,74,162],"suggest":[51],"a":[52,58,71,109,123],"method":[53,95],"predict":[55],"model":[57],"number":[59],"such":[61,218],"classes":[62,78,134,168],"for":[63,84,169],"systems":[64,215],"where":[65],"created":[68],"solely":[69],"from":[70,192],"user's":[72],"memory.":[73],"hypothesize":[75],"these":[77,133,167],"define":[79,108,122,143,183],"weak":[80,138],"subspaces":[82,141,186],"suitable":[83],"an":[85,160],"dictionary.":[87],"For":[88],"user-drawn":[89,212],"graphical":[90,151,213,220],"passwords,":[91],"we":[92,146],"apply":[93],"this":[94],"with":[96],"cognitive":[97,103],"studies":[98,104],"on":[99],"visual":[100],"recall.":[101],"These":[102],"motivate":[105],"set":[110,124],"complexity":[113],"factors":[114],"reflective":[116],"symmetry":[117],"stroke":[119],"count),":[120],"which":[121],"classes.":[126],"To":[127],"better":[128],"understand":[129],"the":[130,139,148,164,200],"size":[131,165],"and,":[135],"thus,":[136],"how":[137],"they":[142,178],"might":[144],"be,":[145],"use":[147],"\u201cDraw-A-Secret\u201d":[149],"(DAS)":[150],"scheme":[153],"Jermyn":[155],"et":[156],"al.":[157],"[1999]":[158],"as":[159,219],"example.":[161],"analyze":[163],"DAS":[170],"under":[171],"convenient":[172],"parameter":[173],"choices":[174],"show":[176],"can":[179],"be":[180],"combined":[181],"apparently":[184],"popular":[185],"have":[188],"bit":[189],"sizes":[190],"ranging":[191],"31":[193],"41\u2014a":[195],"surprisingly":[196],"small":[197],"proportion":[198],"full":[201],"space":[203],"(58":[204],"bits).":[205],"Our":[206],"results":[207],"quantitatively":[208],"support":[209],"suggestions":[210],"employ":[216],"measures,":[217],"rules":[222],"or":[223],"guidelines":[224],"proactive":[226],"checking.":[228]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":5},{"year":2018,"cited_by_count":2},{"year":2017,"cited_by_count":8},{"year":2016,"cited_by_count":7},{"year":2015,"cited_by_count":14},{"year":2014,"cited_by_count":11},{"year":2013,"cited_by_count":13},{"year":2012,"cited_by_count":11}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}