Reflecting on Ten Years of Graphical Passwords

Paul Van Oorschot


The past ten years have seen a flood of proposed new image-based password schemes -- graphical passwords -- in an attempt to address long-standing problems with traditional text passwords. We provide a selective review of research in this area, including discussion of security and usability analysis of existing proposals, design and analysis of new proposals, and the value of user studies. Our goal is to design better password systems through lessons learned from graphical password systems; and more broadly, to extract principles of general use in the emerging field of security and usability


Paul Van Oorschot is a Professor of Computer Science at Carleton University (Canada) and Canada Research Chair in Network and Software Security. He has worked in industry at Bell-Northern Research, Entrust Technologies and Cloakware Corp. He is co-author of the Handbook of Applied Cryptography, and regularly serves on program committees of international computer security conferences. He is on the editorial board of ACM TISSEC and was Program Chair of USENIX Security 2008, and of the Internet Society's NDSS 2002 and 2001. He is Scientific Director of NSERC ISSNet, a pan-Canadian research network exploring Internetworked Systems Security. His current research focus includes computer and Internet security, authentication and identity management, and usable security

Time and Place

July 17 2009 (Friday) at 1600 hrs
Gates 4B (opposite 490)