Publication | Open Access
A Systematic Literature Review on the Security Attacks and Countermeasures Used in Graphical Passwords
Citations: 17 | References: 37 | Year: 2024
As technology continues to evolve, the need for robust and user-friendly authentication methods becomes increasingly vital to safeguarding sensitive information. Graphical passwords, a contemporary approach to authentication, utilize images, patterns, or graphical elements as a means of access control. This systematic literature review delves into the dynamic realm of graphical passwords, focusing on the myriad security attacks they face and the diverse countermeasures devised to mitigate these threats. The graphical password scheme is one of the most popular schemes used, yet it is vulnerable to numerous security attacks, such as shoulder surfing attacks, smudge attacks, spyware, and more. In order to mitigate these security threats, numerous methods have been proposed, but there is no ultimate solution for the security attacks; each of the proposed methods has its own advantages and limitations. The core objective of this paper is to identify existing security threats to graphical password schemes and the corresponding countermeasures developed to mitigate these attacks. The study process begins by identifying the usable databases and search engines to identify all the relevant resources. These include Academic Search Elite @EBSCOhost, Web of Science, MDPI, Semantic Scholar, ACM Digital Library, The Science and Information Organization, IEEE Xplore, ProQuest, Science Direct, Education Research Complete @EBSCOhost, IOPScience, SAGE Journals, and Scopus. The inclusion and exclusion criteria were carefully selected to prioritize the study, focusing mostly on attacks and countermeasures related to graphical password schemes between 2009 and 2023. After a thorough identification and selection process, 59 studies met all the criteria. Among these studies, 47 mentioned shoulder surfing as a threat to graphical password schemes, while 20 discussed brute force attacks.
Additionally, there were 21 papers on dictionary attacks, 13 on smudge attacks, spyware attacks, and social engineering, and 19 that discussed guessing attacks as threats to graphical password schemes. Furthermore, the papers identified several other attacks, including frequency of occurrence analysis attacks, video recording, eavesdropping, computer vision, sonar, and image gallery attacks, with the corresponding numbers of papers being 9, 17, 5, 2, 2, and 1, respectively. The results also highlight the countermeasures proposed in the study papers to mitigate the aforementioned attacks. Among the various countermeasures identified, most revolve around randomization, obfuscation, and password space complexity as the most commonly used techniques for enhancing the security of graphical password schemes.