A Graphical User Authentication with Compass Direction and Rotation-Based Dual-Derivation
Chin Soon Ku1,*, Hui Yi Lim2, Ana Nabilah Binti Sa’uadi2, Siew Cheng Lai1, Jit Theam Lim3, Pei Xuan Ku4, Zeng-Wei Hong5, Lip Yee Por6
1 Department of Computer Science, Universiti Tunku Abdul Rahman, Kampar, Perak, Malaysia
2 Department of Information Systems, Universiti Tunku Abdul Rahman, Kampar, Perak, Malaysia
3 Department of Digital Economy Technology, Universiti Tunku Abdul Rahman, Kampar, Perak, Malaysia
4 School of Engineering, Faculty of Innovation and Technology, Taylor’s University, Subang Jaya, Selangor, Malaysia
5 Department of Information Engineering and Computer Science, Feng Chia University, Taichung, Taiwan
6 Center of Research for Cyber Security and Network (CSNET), Faculty of Computer Science and Information Technology, Universiti Malaya, Kuala Lumpur, Wilayah Persekutuan, Malaysia
* Corresponding Author: Chin Soon Ku. Email:
Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.082586
Received 18 March 2026; Accepted 01 June 2026; Published online 12 June 2026
Abstract
In the expanding Internet of Things (IoT) ecosystem, billions of interconnected devices exchange sensitive data, making secure and usable authentication critical. IoT devices in public or shared environments are vulnerable to shoulder-surfing and video-recorded observation attacks. Traditional passwords and static graphical schemes remain susceptible due to predictable patterns and direct credential entry. This study presents a novel recognition-based graphical authentication scheme that combines pass-image selection with compass direction substitution and rotation logic to resist observation-based attacks. A prototype was evaluated with 58 participants over three days. Usability metrics included registration time, login time, success rate, and error rate. Memorability and resistance to shoulder-surfing were also assessed. Results showed that login times decreased from 43.62 to 37.78 s, while success rates increased from 40% to 53%, indicating rapid adaptation. Memorability scores improved from 2.05 to 2.19 on a 3-point scale, with perfect recall for five-image passwords by Day 3. Shoulder-surfing tests recorded a 0% attacker success rate. The preliminary results suggest that the scheme offers a useful balance of usability, memorability, and resistance to single-session observation attacks. Future work will explore adaptive complexity and accessibility features to further enhance secure authentication.
Keywords
Graphical user authentication; compass direction; rotation pattern; dual-derivation; shoulder-surfing attack; video recording attack