184 research outputs found
Changing users' security behaviour towards security questions: A game based learning approach
Fallback authentication is used to retrieve forgotten passwords. Security
questions are one of the main techniques used to conduct fallback
authentication. In this paper, we propose a serious game design that uses
system-generated security questions with the aim of improving the usability of
fallback authentication. For this purpose, we adopted the popular picture-based
"4 Pics 1 word" mobile game. This game was selected because of its use of
pictures and cues, which previous psychology research found to be crucial to
aid memorability. This game asks users to pick the word that relates to the
given pictures. We then customized this game by adding features which help
maximize the following memory retrieval skills: (a) verbal cues - by providing
hints with verbal descriptions, (b) spatial cues - by maintaining the same
order of pictures, (c) graphical cues - by showing 4 images for each challenge,
(d) interactivity/engaging nature of the game.
Comment: 6, Military Communications and Information Systems Conference
(MilCIS), 2017. arXiv admin note: substantial text overlap with
arXiv:1707.0807
Encouraging users to improve password security and memorability
Security issues in text-based password authentication are rarely caused by technical issues, but rather by the limitations of human memory, and human perceptions together with their consequential responses. This study introduces a new user-friendly guideline approach to password creation, including persuasive messages that motivate and influence users to select more secure and memorable text passwords without overburdening their memory. From a broad understanding of human factors-caused security problems, we offer a reliable solution by encouraging users to create their own formula to compose passwords. A study has been conducted to evaluate the efficiency of the proposed password guidelines. Its results suggest that the password creation methods and persuasive message provided to users convinced them to create cryptographically strong and memorable passwords. Participants were divided into two groups in the study. The participants in the experimental group who were given several password creation methods along with a persuasive message created more secure and memorable passwords than the participants in the control group who were asked to comply with the usual strict password creation rules. The study also suggests that our password creation methods are much more efficient than strict password policy rules. The security and usability evaluation of the proposed password guideline showed that simple improvements such as adding persuasive text to the usual password guidelines consisting of several password restriction rules make significant changes to the strength and memorability of passwords. The proposed password guidelines are a low-cost solution to the problem of improving the security and usability of text-based passwords.
CCBS – a method to maintain memorability, accuracy of password submission and the effective password space in click-based visual passwords
Text passwords are vulnerable to many security attacks due to a number of reasons such as the insecure practices of end
users who select weak passwords to maintain their long term memory. As such, visual password (VP) solutions were
developed to maintain the security and usability of user authentication in collaborative systems. This paper focuses on the
challenges facing click-based visual password systems and proposes a novel method in response to them. For instance,
Hotspots reveal a serious vulnerability. They occur because users are attracted to specific parts of an image and neglect
other areas. Undertaking image analysis to identify these high probability areas can assist dictionary attacks.
Another concern is that click-based systems do not guide users towards the correct click-point they are aiming to
select. For instance, users might recall the correct spot or area but still fail to include their click within the tolerance
distance around the original click-point which results in more incorrect password submissions.
Nevertheless, the Passpoints study by Wiedenbeck et al., 2005 inspected the retention of their VP in comparison with
text passwords over the long term. Despite being cued-recall the successful rate of their VP submission was not superior
to text passwords as it decreased from 85% (the instant retention on the day of registration) to 55% after 2 weeks. This
result was identical to that of the text password in the same experiment. The successful submission rates after 6 weeks
were also 55% for both VP and text passwords.
This paper addresses these issues, and then presents a novel method (CCBS) as a usable solution supported by an
empirical proof. A user study is conducted and the results are evaluated against a comparative study
- …