Front. Comput. Sci.
DOI 10.1007/s11704-016-5472-z

Graphical password: prevent shoulder-surfing attack using digraph substitution rules

Lip Yee POR 1, Chin Soon KU 1,2, Amanul Islam 1, Tan Fong ANG 1

1 Department of Computer Science and Information Technology, University of Malaya, Kuala Lumpur 50603, Malaysia
2 Department of Computer Science, Universiti Tunku Abdul Rahman (Jalan Universiti), Kampar 31900, Malaysia

© Higher Education Press and Springer-Verlag Berlin Heidelberg 2017

Received November 8, 2015; accepted September 29, 2016
E-mail: porlip@um.edu.my

Abstract In this paper, a new scheme that uses digraph substitution rules to conceal the mechanism or activity required to derive password-images is proposed. In the proposed method, a user is only required to click on one of the pass-images, instead of both pass-images, shown in each challenge set for three consecutive sets. While this activity is simple enough to reduce login time, the images clicked appear to be random and can only be obtained with complete knowledge of the registered password along with the activity rules. Thus, it becomes impossible for shoulder-surfing attackers to obtain the information about which password-images and pass-images are used by the user. Although the attackers may know about the digraph substitution rules used in the proposed method, the scenario information used in each challenge set remains concealed from them. User study results reveal an average login process of less than half a minute. In addition, the proposed method is resistant to shoulder-surfing attacks.

Keywords graphical password, authentication, shoulder-surfing, data and computer security, digraph substitution rules

1 Introduction

Through the ages society has been attempting to secure important resources by restricting access from unauthorized outsiders. Theft of computer data has become more prevalent in the 21st century. Prevention of such thefts requires heavier protection.

The nature of data protection has evolved as the way information is stored changes. For example, in terms of access control, specifically login systems, data security has evolved from simply encrypting an alphanumeric password of an email system to the creation of an entire authentication system using biometric scanning mechanisms [1]. Alphanumeric passwords are easy to implement since they are considered a string of characters to the system's developer. However, a truly secure password should be both random and easily remembered by its owner. Randomness will prevent the password from being guessed by an attacker, while a memorable password will be convenient for the owner to gain access. However, this is hard to achieve using alphanumeric passwords, as a random string of characters that cannot be easily guessed is harder for the owner to remember [2]. On the other hand, a simple password will be easily remembered by the owner, but is usually easy for an attacker to guess, making it usable but weak [3]. A significant number of graphical password schemes have been developed and tested to overcome this issue with alphanumeric authentication. One reason for the rise of interest in graphical passwords is that images are said to be more memorable than strings of characters [4].

Graphical password schemes are generally classified into three major categories, namely recall, cued-recall and recognition [5]. Recall schemes require the user to reproduce an image previously drawn by the user and recorded by the system during registration. Cued-recall systems require the user to click on several recorded points on an image displayed as recorded by the system during account setup. Recognition schemes require the user to recognize and click on the images registered during registration. Each