CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Computer Information Systems (DCIS)


Graduate School of Computer and Information Sciences


Maxine S. Cohen

Committee Member

James D. Cannady

Committee Member

Timothy Ellis


Traditional text-based passwords used for authentication in information systems have several known issues in the areas of usability and security. Research has shown that when users generate passwords for systems, they tend to create passwords that are subject to compromise more so than those created randomly by the computer. Research has also shown that users have difficulty remembering highly secure, randomly created, text-based passwords.

Graphical-based passwords have been shown to be highly memorable for users when applied to system authentication. However, graphical-based authentication systems require additional cognitive load to recognize and enter a password compared to traditional text-based authentication that is more muscle-memory. This increase in cognitive load causes an increased security risk of shoulder-surfing created from the longer amount of time needed to input a password.

Graphical-based authentication systems use the same images for each possible input value. This makes these authentication systems vulnerable to attackers. The attackers use their ability to remember visual information to compromise a graphical-based password.

This study conducted research into a graphical-based authentication scheme that implemented pictorial synonyms. The goal is to decrease security risk of graphical-based authentication systems while maintaining (or even increasing) the usability of these systems. To accomplish this goal, a study to evaluate the impact on the cognitive load required using an image synonym authentication system compared to traditional graphical-based authentication schemes.

The research found that there was not a significant difference in the areas of user cognitive load, shoulder-surfing threat, and user effectiveness. The research evaluated users' accuracy, cognitive load, and time to authenticate and found to have significant impact of pictorial synonyms on graphical-based authentication systems. The research shows that the accuracy of pictorial synonyms was greater than word password. This appears to due to people's ability to recall pictorial information over text information. Future research should look at the impact of pictorial synonyms on shoulder-surfing attackers and different ages.