Internet of Things has become a significant and evolving technology that cannot be avoidable in most of the sectors. However, the Internet of Things security became a concern due to the huge amount of the sensitive data that transferring through IoT resources. Secure the users' authentication process of the IoT is the first line of defense to protect the users' data from violation. Typically, the alphanumeric-based password is the popular method to authenticate the users of the IoT. But it is a vulnerable mechanism that can be violated easily. For that, this research aims to develop a graphical-based password scheme to support the traditional text password in the IoT technology. The proposed scheme is a hybrid (Two-factor) approach, based on two types of Knowledge-based Authentication method (alphanumeric-based password and graphical-based password) naming as IoT-GP. IoT-GP aims to improve the users' authentication security considering the usability enhancement. The results obtain from the conducted field study indicated that IoT-GP significantly improved the security and the usability. The results of the password entropy and password space indicated that IoT-GP obtained a high rate comparing to another schemes, which reflected on the IoT-GP ability to resist the guessing and brute force attacks.

Alphanumeric-based password; Graphical-based password; Internet of things; Internet of things security; Internet of things user authentication