Gathering realistic authentication performance data through field trials
Most evaluations of novel authentication mechanisms have been conducted under laboratory conditions. We argue that the results of short-term usage under laboratory conditions do not predict user performance "in the wild", because there is insufficient time between enrolment and testing, the number of authentications is low, and authentication is presented as a primary task, rather than the secondary task as it is "in the wild". User-generated reports of performance, on the other hand, provide subjective data, so reports on frequency of use, time intervals, and success or failure of authentication are subject to the vagaries of users' memories. Studies on authentication that provide objective performance data under real-world conditions are rare. In this paper, we present our experiences with a study method that tries to control frequency and timing of authentication, and collects reliable performance data, while maintaining ecological validity of the authentication context at the same time. We describe the development of an authentication server called APET, which allows us to prompt users enrolled in trial cohorts to authenticate at controlled intervals, and report our initial experiences with trials. We conclude by discussing remaining challenges in obtaining reliable performance data through a field trial method such as this one.
Comparing the usability of doodle and Mikon images to be used as authenticators in graphical authentication systems
Recognition-based graphical authentication systems rely on the recognition of authenticator images by legitimate users for authentication. This paper presents the results of a study that compared doodle images and Mikon images as authenticators in recognition based graphical authentication systems taking various usability dimensions into account. The results of the usability evaluation, with 20 participants, demonstrated that users preferred Mikon to doodle images as authenticators in recognition based graphical authentication mechanisms. Furthermore, participants found it difficult to recognize doodle images during authentication as well as associate them with something meaningful. Our findings also show the need to consider the security offered by the images, especially their predictability.
A comprehensive study of the usability of multiple graphical passwords
Recognition-based graphical authentication systems (RBGSs) using images as passwords have been proposed as one potential solution to the need for more usable authentication. The rapid increase in the technologies requiring user authentication has increased the number of passwords that users have to remember. But nearly all prior work with RBGSs has studied the usability of a single password. In this paper, we present the first published comparison of the usability of multiple graphical passwords with four different image types: Mikon, doodle, art and everyday objects (food, buildings, sports etc.). A longitudinal experiment was performed with 100 participants over a period of 8 weeks, to examine the usability performance of each of the image types. The results of the study demonstrate that object images are most usable in the sense of being more memorable and less time-consuming to employ, Mikon images are close behind but doodle and art images are significantly inferior. The results of our study complement cognitive literature on the picture superiority effect, visual search process and nameability of visually complex images.
Advanced Security Functions Based on CaRP Using Random Image Grid
A new security primitive for secure applications is required these days. Captcha technology solves most security-based problems. Captcha as graphical passwords (CaRP) is proposed in this work along with secure upload of events and an improved method of CaRP. We consider an event update application, where security is highly required. CaRP addresses a number of security problems altogether, such as online guessing attacks, relay attacks, and, if combined with dual-view technologies, shoulder-surfing attacks. CaRP deals only with the security related to authentication; in most applications, authentication security alone is not enough, thus we develop a secure event upload model even after CaRP authentication. This system offers high security to the authentication and published content, along with an improved method of CaRP.
DOI: 10.17762/ijritcc2321-8169.150513
Critical aspects in authentication graphic keys
In order to increase the number of possible keys (key's space), some applications are using, as the user's authentication secret, images instead of words, taking advantage of the several possibilities for each mouse click and of the fact that humans memorize images better than words. This paper presents the characterisation of the graphical keys chosen by almost 200 regular users of a website and the results show some important facts that must be taken into account to maximize the security of the authentication process.