You Only Live Twice or "The Years We Wasted Caring about Shoulder-Surfing"
This work addresses the reluctance to adopt password alternatives in authentication systems, but it is incremental as it builds on existing graphical authentication concepts without major breakthroughs.
The paper tackles the problem of password alternatives by designing two prototype graphical authentication applications, concluding that effective alternatives should target authentication scenarios rather than specific password flaws to achieve widespread adoption.
Passwords are a good idea, in theory. They have the potential to act as a fairly strong gateway. In practice though, passwords are plagued with problems. They are (1) easily shared, (2) trivial to observe and (3) maddeningly elusive when forgotten. While alternatives to passwords have been proposed, none, as yet, have been adopted widely. There seems to be a reluctance to switch from tried and tested passwords to novel alternatives, even if the most glaring flaws of passwords can be mitigated. One argument is that there is not enough investigation into the feasibility of many password alternatives. Graphical authentication mechanisms are a case in point. Therefore, in this paper, we detail the design of two prototype applications that utilise graphical authentication mechanisms. However, when forced to consider the design of such prototypes, we find that pertinent password problems eg. observation of entry, are just that: password problems. We conclude that effective, alternative authentication mechanisms should target authentication scenarios rather than the well-known problems of passwords. This is the only route to wide-spread adoption of alternatives.