Increasing the Security of Weak Passwords: the SPARTAN Interface

Password authentication suffers from the well-known tradeoff between security and usability. Secure passwords are difficult for users to remember, and memorable passwords are often easy to guess. SPARse Two-dimensional AuthenticatioN (SPARTAN) allows users to input their textual passwords in a two-dimensional grid instead of a linear textbox. This interface enables relatively short passwords to have a higher calculated level of security due to the need for an attacker to determine both the text of the password and the location of each character in the grid. We created a SPARTAN prototype and conducted a preliminary user study to evaluate the actual usability and security of the SPARTAN interface compared to the linear password entry interface. We find that while user-created SPARTAN passwords tend to be shorter than their linear counterparts, the calculated security of user-created SPARTAN passwords is higher than that of user-created linear passwords. We also asked participants to complete a survey on the usability of the SPARTAN interface and identified some areas of improvement, while prototype interaction provided evidence of users becoming more familiar with SPARTAN over time. Finally, we performed an investigation into password-cracking tools, and assert that SPARTAN passwords require more resources to crack than their linear counterparts. These findings suggest that SPARTAN is a promising alternative to linear passwords from a security standpoint. Usability of the interface and memorability of SPARTAN passwords is an interesting research question and should be further investigated in future work.