Picture gesture authentication: Empirical analysis, automated attacks, and scheme evaluation

Ziming Zhao, Gail-Joon Ahn, Hongxin Hu

Research output: Contribution to journal › Article › peer-review

37 Scopus citations


Picture gesture authentication has been recently introduced as an alternative login experience to text-based password on touch-screen devices. In particular, the newly on market Microsoft Windows 8™ operating system adopts such an alternative authentication to complement its traditional text-based authentication. We present an empirical analysis of picture gesture authentication on more than 10,000 picture passwords collected from more than 800 subjects through online user studies. Based on the findings of our user studies, we propose a novel attack framework that is capable of cracking passwords on previously unseen pictures in a picture gesture authentication system. Our approach is based on the concept of selection function that models users' thought processes in selecting picture passwords. Our evaluation results show the proposed approach could crack a considerable portion of picture passwords under different settings. Based on the empirical analysis and attack results, we comparatively evaluate picture gesture authentication using a set of criteria for a better understanding of its advantages and limitations.

Original language: English (US)
Article number: 14
Journal: ACM Transactions on Information and System Security
Issue number: 4
State: Published - Apr 1 2015


  • Automated attacks
  • Empirical analysis
  • Picture gesture authentication
  • Scheme evaluation

ASJC Scopus subject areas

  • Computer Science(all)
  • Safety, Risk, Reliability and Quality

