Draw a Secret

Draw a Secret (DAS) is a graphical password input scheme developed by Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter and Aviel D. Rubin and presented in a paper at the 8th USENIX Security Symposium in August 1999.

[2] The predominant argument in favor of graphical over alphanumeric passwords is the picture superiority effect, which describes the improved performance of the human mind in recalling images and objects over strings of text.

This effect is utilized through DAS, as complex drawings are less difficult for the human mind to memorize than a long string of alphanumeric characters.

With BDAS, the background variation of DAS, the user can choose an image to place over the grid; the image's unique features aid in correct placement of the drawing.

A study done at Newcastle University showed that, with a background image, participants tended to construct more complex pass phrases (e.g. with a larger length or stroke count) than those who had used DAS, though after a one-week period an almost identical percentage of participants were able to recall DAS sequences and BDAS sequences.
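The length and stroke count mentioned above can be made concrete with a short sketch. This is an added example, not code from the paper or its authors; it assumes the encoding in which a drawing is recorded as the ordered grid cells each stroke passes through, with a pen-up marker after each stroke, and the 5×5 grid, 500-pixel canvas, marker name and sample drawings are constructed for illustration.

```python
# Added illustration: grid size, canvas size and sample drawings are constructed.
GRID = 5            # cells per side (assumed)
CANVAS = 500        # canvas width and height in pixels (assumed)
PEN_UP = "PEN_UP"   # hypothetical marker emitted when the pen is lifted

def cell_of(point):
    """Map a canvas point (x, y) to its 1-based (column, row) grid cell."""
    size = CANVAS / GRID
    col = min(int(point[0] // size), GRID - 1) + 1
    row = min(int(point[1] // size), GRID - 1) + 1
    return (col, row)

def encode(strokes):
    """Encode a drawing as the cells each stroke enters, in order.

    Assumes points are sampled densely enough that consecutive points
    fall in the same cell or a neighbouring one.
    """
    seq = []
    for stroke in strokes:
        last = None
        for point in stroke:
            cell = cell_of(point)
            if cell != last:        # record a cell only when the pen enters it
                seq.append(cell)
                last = cell
        seq.append(PEN_UP)          # stroke boundary
    return seq

def complexity(strokes):
    """Return the stroke count and the length (total cells over all strokes)."""
    seq = encode(strokes)
    stroke_count = seq.count(PEN_UP)
    return {"stroke_count": stroke_count, "length": len(seq) - stroke_count}

# Constructed drawings: A is the enrolled secret, B is a slightly wobbly
# redraw of A, C is A shifted 60 pixels to the right.
DRAWING_A = [[(50, 50), (150, 50), (250, 50)], [(250, 150), (250, 250)]]
DRAWING_B = [[(60, 70), (140, 40), (260, 60)], [(240, 160), (255, 240)]]
DRAWING_C = [[(110, 50), (210, 50), (310, 50)], [(310, 150), (310, 250)]]

if __name__ == "__main__":
    print(encode(DRAWING_A))
    print("redraw accepted:", encode(DRAWING_B) == encode(DRAWING_A))
    print("shifted accepted:", encode(DRAWING_C) == encode(DRAWING_A))
    print(complexity(DRAWING_A))
```

The wobbly redraw matches because every point stays in the same cells, while the shifted drawing crosses different cells and fails, which is why placement aids such as a background image matter.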

Through the use of common "hotspots" or "points of interest" in a grid or background image, a graphical dictionary attack can be initiated to guess users' passwords.

[5] These attacks are far more common with the background variation of Draw a Secret, as it utilizes an image that can be used to exploit the vulnerabilities explained above.