GRA-PIN: A Graphical and PIN-Based Hybrid Authentication Approach for Smart Devices

Abstract

In many smart devices and numerous digital applications, authentication mechanisms are widely used to validate the legitimacy of users’ identification. As a result of the increased use of mobile devices, most people tend to save sensitive and secret information over such devices. Personal Identification Number (PIN)-based and alphanumeric passwords are simple to remember, but at the same time, they are vulnerable to hackers. Being difficult to guess and more user-friendly, graphical passwords have grown in popularity as an alternative to all such textual passwords. This paper describes an innovative, hybrid, and much more robust user authentication approach, named GRA-PIN (GRAphical and PIN-based), which combines the merits of both graphical and pin-based techniques. The feature of simple arithmetic operations (addition and subtraction) is incorporated in the proposed scheme, through which random passwords are generated for each login attempt. In the study, we have conducted a comparative study between the GRA-PIN scheme with existing PIN-based and pattern-based (swipe-based) authentications approaches using the standard Software Usability Scale (SUS). The usability score of GRA-PIN was analyzed to be as high as 94%, indicating that it is more reliable and user friendly. Furthermore, the security of the proposed scheme was challenged through an experiment wherein three different attackers, having a complete understanding of the proposed scheme, attempted to crack the technique via shoulder surfing, guessing, and camera attack, but they were unsuccessful.