Abstract
User authentication is a basic security mechanism in Internet-of-Things (IoT) environments; it verifies whether the user logging in is legitimate. Due to known limitations of existing password-based authentication, graphical passwords are one promising solution to enhance the current user authentication process in IoT. However, it is an open question how to design a usable and robust graphical password scheme. In this work, we introduce RoundImage, a graphical password scheme that requires users to select images in rounds (e.g., three rounds) for authentication. It can resist some typical threats such as shoulder-surfing attacks and provide fault tolerance. In the evaluation, we set up an IoT scenario and test its performance with 100 participants. The results demonstrate the usability and potential of our scheme in a practical IoT environment. Copyright © 2025 IEEE.
Original language | English |
---|---|
Journal | IEEE Internet of Things Journal |
Early online date | Mar 2025 |
DOIs | |
Publication status | E-pub ahead of print - Mar 2025 |
Citation
Qin, X., Li, W., & Rosenberg, P. (2025). RoundImage: Towards secure graphical password authentication via rounded image selection in IoT. IEEE Internet of Things Journal. Advance online publication. https://doi.org/10.1109/JIOT.2025.3547816
Keywords
- Consumer smartphone
- User authentication
- Graphical password
- Image selection
- Shoulder-surfing attack
- IoT security