Hybrid pass: authentication mechanism for web applications – both secure and user-friendly

Abstract

A variety of visual passwords approaches were proposed that aim to replace conventional text passwords. The main advantage of both systems is that unlike biometrics and tokens they do not require special hardware. However they still fail to provide a satisfying solution to the usability problems of today’s authentication systems. Both text and visual passwords have limitations. We show how those limitations can be minimized by combining the two systems together to provide an integrated login mechanism suitable for web applications. The design is user friendly and makes use of the human factor to enhance security and usability. Due to the hybrid nature of our approach, it includes an anti-phishing technique.