An Exploration of Hot-Spots in Locimetric Passwords

Locimetric authentication is a form of graphical authentication where users validate their identity by selecting predetermined points on a predetermined image. Its primary advantage over the ubiquitous text-based approach stems from users' superior ability to remember visual information over textual information, coupled with the authentication process being transformed to one requiring recognition (instead of recall). Ideally, these differentiations enable users to create more complex passwords, which theoretically are more secure. Yet, locimetric authentication has one significant weakness, hot-spots, that is, areas in an image that users gravitate towards and consequently have a higher probability of being selected. This paper investigates whether the hot-spot problem persists with high-resolution images, as well as whether user characteristics and password length play a role. Our findings confirm the presence of hot-spots in high-resolution images, thus influencing the locimetric authentication scheme's effectiveness. Furthermore, we find that neither user characteristics (such as age, gender, and income) nor password length radically influence their extent. We conclude by proposing strategies to mitigate the hot-spot phenomenon.