Enhancing the security of FinTech applications with map-based graphical password authentication

Research output: Journal Publications and Reviews (RGC: 21, 22, 62)21_Publication in refereed journal

2 Scopus Citations
View graph of relations


Related Research Unit(s)


Original languageEnglish
Pages (from-to)1018-1027
Journal / PublicationFuture Generation Computer Systems
Online published18 Jul 2019
Publication statusPublished - Dec 2019


With the rapid development of information technology (IT) in financial industry, financial technology (FinTech) has become an emerging area for enterprises and organizations. Due to the wide adoption of IT, various FinTech applications are used by financial industry to help process information and offer financial services. Traditionally, textual passwords are the most widely deployed authentication mechanism, while having many known limitations. As a result, there is a need to enhance the security of FinTech authentication against cyber-criminals. As an alternative, graphical passwords (GPs) are considered as one promising solution to complement traditional password-based systems. In the literature, various GP schemes were proposed such as PassPoints, DAS, Cued Click Points, GeoPass, etc. In this work, we identify that multiple password inference has become a challenge for most GP schemes, and thus design RouteMap, a map-and route-based GP to further improve the security of FinTech applications. This scheme requires users to create a route on a world map as their credentials. In the evaluation, we involved a total of 120 participants, among which 60 of them have financial (FinTech) background, and investigated the performance of RouteMap by comparing it with two similar schemes. Our results demonstrate that participants can achieve better performance using RouteMap in the aspects of both authentication accuracy and multiple password memory. Our effort attempts to complement existing studies and stimulate more research on the combination of GP and FinTech.

Research Area(s)

  • FinTech application, Graphical passwords, Map passwords, Multiple password inference, Security and usability, User authentication