Freyr Sævarsson: Combinatorics in Pattern-based Graphical Passwords

Because of increased computing power it is necessary for modern passwords to be very long and complex, this makes them hard to remember. Research shows that it might be easier for people to remember visual passwords instead of textual ones. The goal of this project was to find a safe graphical password scheme which does not require any modification on the server side. A proposed solution is called the Abagram which is a system that transforms patterns on a grid into textual passwords. The main idea behind the scheme is to assign each cell in the grid a letter or a symbol. The users select some cells by passing their finger over them. The password becomes the letters of the cells in the order in which they are passed. The thesis consists of a study of the combinatorics of user-selected patterns, a theoretical security analysis of the Abagram, an analysis of a user study constructed for Android smartphones and methods for evaluating the strength of a given pattern. The Abagram does show promise, an average pattern from the study suggest a password space with entropy of about 68 bits which is comparable with a random 10 digit password. The Abagram might be especially useful when used with a smartphone but there are still some usability and implementation aspects which must be analyzed further.