82 research outputs found
CCBS – a method to maintain memorability, accuracy of password submission and the effective password space in click-based visual passwords
Text passwords are vulnerable to many security attacks due to a number of reasons such as the insecure practices of end
users who select weak passwords to maintain their long term memory. As such, visual password (VP) solutions were
developed to maintain the security and usability of user authentication in collaborative systems. This paper focuses on the
challenges facing click-based visual password systems and proposes a novel method in response to them. For instance,
Hotspots reveal a serious vulnerability. They occur because users are attracted to specific parts of an image and neglect
other areas. Undertaking image analysis to identify these high probability areas can assist dictionary attacks.
Another concern is that click-based systems do not guide users towards the correct click-point they are aiming to
select. For instance, users might recall the correct spot or area but still fail to include their click within the tolerance
distance around the original click-point which results in more incorrect password submissions.
Nevertheless, the Passpoints study by Wiedenbeck et al., 2005 inspected the retention of their VP in comparison with
text passwords over the long term. Despite being cued-recall, the success rate of their VP submission was not superior
to text passwords as it decreased from 85% (the instant retention on the day of registration) to 55% after 2 weeks. This
result was identical to that of the text password in the same experiment. The successful submission rates after 6 weeks
were also 55% for both VP and text passwords.
This paper addresses these issues, and then presents a novel method (CCBS) as a usable solution supported by an
empirical proof. A user study is conducted and the results are evaluated against a comparative study.
NAVI: Novel authentication with visual information
Text-based passwords, despite their well-known drawbacks, remain the dominant user authentication scheme implemented. Graphical password systems, based on visual information such as the recognition of photographs and / or pictures, have emerged as a promising alternative to the aggregate reliance on text passwords. Nevertheless, despite the advantages offered they have not been widely used in practice since many open issues need to be resolved. In this paper we propose a novel graphical password scheme, NAVI, where the credentials of the user are his username and a password formulated by drawing a route on a predefined map. We analyze the strength of the password generated by this scheme and present a prototype implementation in order to illustrate the feasibility of our proposal. Finally, we discuss NAVI’s security features and compare it with existing graphical password schemes as well as text-based passwords in terms of key security features, such as password keyspace, dictionary attacks and guessing attacks. The proposed scheme appears to have the same or better performance in the majority of the security features examined.
The effect of baroque music on the PassPoints graphical password
Graphical passwords have been demonstrated to be possible alternatives to traditional alphanumeric passwords. However, they still tend to follow predictable patterns that are easier to attack. The crux of the problem is users’ memory limitations. Users are the weakest link in the password authentication mechanism. It has been shown that baroque music has positive effects on human memorizing and learning. We introduce baroque music to the PassPoints graphical password scheme and conduct a laboratory study in this paper. Results show that there is no statistical difference between the music group and the control group without music in short-term recall experiments; both had high recall success rates. But in long-term recall, the music group performed significantly better. We also found that the music group tended to set significantly more complicated passwords, which are usually more resistant to dictionary and other guessing attacks. But compared with the control group, the music group took more time to log in both in short-term and long-term tests. Besides, it appears that background music does not work in terms of hotspots.
Exploring the Effect of Resolution on the Usability of Locimetric Authentication
Locimetric authentication is a form of graphical authentication in which
users validate their identity by selecting predetermined points on a
predetermined image. Its primary advantage over the ubiquitous text-based
approach stems from users' superior ability to remember visual information over
textual information, coupled with the authentication process being transformed
to one requiring recognition (instead of recall). Ideally, these
differentiations enable users to create more complex passwords, which
theoretically are more secure. Yet locimetric authentication has one
significant weakness: hot-spots. This term refers to areas of an image that
users gravitate towards, and which consequently have a higher probability of
being selected. Although many strategies have been proposed to counter the
hot-spot problem, one area that has received little attention is that of
resolution. The hypothesis here is that high-resolution images would afford the
user a larger password space, and consequently any hot-spots would dissipate.
We employ an experimental approach, where users generate a series of locimetric
passwords on either low- or high-resolution images. Our research reveals the
presence of hot-spots even in high-resolution images, albeit at a lower level
than that exhibited with low-resolution images. We conclude by reinforcing that
other techniques - such as existing or new software controls or training - need
to be utilized to mitigate the emergence of hot-spots with the locimetric
scheme. Comment: 10 pages, 2 figures