Many computer-based services today require a user to create a user account before the user may access the service. Commonly, in order to create a user account, the user must select a unique username and password. Typically the password is a text-based password (i.e., a string of characters). To prevent an unauthorized person from utilizing the user's account, it is recommended that the user select a “strong” password (i.e., a password that is resistant to guessing or brute-force attack, such as a high entropy password). Generally, the “strength” of a password (i.e., the probability that the password will be hacked or the degree to which the password is susceptible to being hacked) is a function of its length, complexity, and unpredictability.
Because computers are becoming increasingly powerful, short passwords are susceptible to brute-force attacks. Thus, many computer-based services require their users to select lengthy passwords (e.g., passwords that are at least eight characters long). Additionally, such computer-based services also have rules regarding acceptable passwords, which rules are designed to ensure that users select complex passwords. For example, some services not only require that the password be at least eight characters long, but may also require that: (i) the password contain a certain number of uppercase letters, numbers, and/or special characters (e.g., !, $, @, #) and (ii) the password not contain character repetitions. The longer and more complex a password is, however, the harder it is for a user to remember his or her password. Methods currently exist for estimating the strength of text-based passwords. Such methods may, for example, estimate the strength of a text-based password by, among other things, determining the length of the password and/or determining the number of special characters that the password contains.
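The composition rules and the length-and-character-class style of strength estimate described above can be sketched as follows. This is an added example, not code from the original text; the function names, the default thresholds other than the eight-character minimum, the ASCII-only character pools, and the reading of "character repetitions" as the same character twice in a row are assumptions.

```python
import math
import string

# Assumption: "special characters" means ASCII punctuation (32 symbols),
# and passwords are ASCII.
SPECIALS = set(string.punctuation)

def policy_violations(pw, min_len=8, min_upper=1, min_digit=1, min_special=1):
    """Return the composition rules from the text that pw breaks."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if sum(c.isupper() for c in pw) < min_upper:
        problems.append("too few uppercase letters")
    if sum(c.isdigit() for c in pw) < min_digit:
        problems.append("too few digits")
    if sum(c in SPECIALS for c in pw) < min_special:
        problems.append("too few special characters")
    # Assumption: a "character repetition" is the same character twice in a row.
    if any(a == b for a, b in zip(pw, pw[1:])):
        problems.append("repeated character")
    return problems

def charset_bits(pw):
    """Length * log2(pool size): an upper bound that assumes every character
    is drawn uniformly at random from the character classes present."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in SPECIALS for c in pw):
        pool += len(SPECIALS)
    return len(pw) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the text.
    for pw in ["password", "Winter2024!", "tq7#Lw9@Zx"]:
        print(f"{pw!r}: {charset_bits(pw):.1f} bits, "
              f"violations={policy_violations(pw)}")
```

Both constructed passwords that satisfy every rule are scored on length and character classes alone, so the season-and-year password is rated above the shorter random-looking one; the estimate does not capture the unpredictability component of strength.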
An alternative to text-based passwords is graphical passwords. A service that uses graphical passwords for authentication rather than text-based passwords typically prompts its users to select a pattern as opposed to selecting a string of characters. The pattern then becomes the user's password. Graphical passwords are advantageous because the human brain seems more capable of remembering patterns than character strings. Much like the length and complexity of a text-based password, the more complex the pattern, the stronger the graphical password will be. However, it is difficult to state rules regarding acceptable graphical passwords.
There is a need, therefore, to estimate the strength of graphical passwords.