A Mixed Login Scheme Performed on Mobile Device to Resist Multiple Attack

摘要

Nowadays text-based password has been widely used in our daily life. However, rather thanchoose a complex text password people prefer to use a brief password so that they canremember it easily. Moreover, with the rapid increasing use of mobile applications, people ofteninput passwords in public. Attacker can perform shoulder surfing attack to observe thepassword directly with naked eyes or some video record devices. In order to resist the shouldersurfing attack, a number of authentication schemes based on graph have been proposed.However, graph-based password is totally different from text-based password. It's difficult forusers to memorize two different kinds of passwords. In this paper, we propose a mixed loginscheme called MixedKey which mixes graphic and traditional textual password. The loginindicator in the scheme is randomly and safely generated for each login. MixedKey divides eachpassword into characters, which connects graphic and text-based password. Users could loginour system in both public and private situations with just one password. We also implementedMixedKey and conducted experiments to measure the memorability and usability. The resultsshow MixedKey outperforms the existing schemes.