A Hybrid Graphical User Authentication Scheme in Mobile Cloud Computing Environments

User authentication is a critical security requirement for accessing resources in cloud computing systems. A text-based password is a standard user authentication way and it is still extensively used so far. However, textual passwords are difficult to remember, which forces users to write it down and compromise security. In recent years, graphical user authentication methods have been proposed as an alternative way used to verify the identity of users. The most critical challenges cloud-computing users face is to post their sensitive data on external servers that are not directly under their control and that can be used or managed by other people. This paper proposes a question-based hybrid graphical user authentication scheme for portable cloud-computing environments. The proposed scheme comprises advantages over both recognition- and recall-based techniques without storing any sensitive information on cloud servers. The experimental study and survey have been conducted to investigate the user satisfaction about the performance and usability aspects of the proposed scheme. The study results show that the proposed scheme is secure, easy to use, and immune to potential password attacks such as brute force password guessing attacks and shoulder surfing attacks