@Article{cmc.2026.082586,
AUTHOR = {Chin Soon Ku, Hui Yi Lim, Ana Nabilah Binti Sa’uadi, Siew Cheng Lai, Jit Theam Lim, Pei Xuan Ku, Zeng-Wei Hong, Lip Yee Por},
TITLE = {A Graphical User Authentication with Compass Direction and Rotation-Based Dual-Derivation},
JOURNAL = {Computers, Materials \& Continua},
VOLUME = {},
YEAR = {},
NUMBER = {},
PAGES = {{pages}},
URL = {http://www.techscience.com/cmc/online/detail/27177},
ISSN = {1546-2226},
ABSTRACT = {In the expanding Internet of Things (IoT) ecosystem, billions of interconnected devices exchange sensitive data, making secure and usable authentication critical. IoT devices in public or shared environments are vulnerable to shoulder-surfing and video recorded observation attacks. Traditional passwords and static graphical schemes remain susceptible due to predictable patterns and direct credential entry. This study presents a novel recognition-based graphical authentication scheme that combines pass-image selection with compass direction substitution and rotation logic to resist observation-based attacks. A prototype was evaluated with 58 participants over three days. Usability metrics included registration time, login time, success rate, and error rate. Memorability and resistance to shoulder-surfing were also assessed. Results showed that login times decreased from 43.62 to 37.78 s, while success rates increased from 40% to 53%, indicating rapid adaptation. Memorability scores improved from 2.05 to 2.19 on a 3-point scale, with perfect recall for five-image passwords by Day 3. Shoulder-surfing tests recorded a 0% attacker success rate. The preliminary results suggest that the scheme offers a useful balance of usability, memorability, and resistance to single session observation attacks. Future work will explore adaptive complexity and accessibility features to further enhance secure authentication.},
DOI = {10.32604/cmc.2026.082586}
}