Usable, secure and deployable graphical passwords
PhD Thesis
Evaluations of the usability and security of alphanumeric passwords and Personal
Identification Numbers (PINs) have shown that users cannot remember credentials
considered to be secure. However, the continued reliance upon these methods of user
authentication has placed end-users and system designers in a coevolutionary struggle, with each defending competing concerns of usability and security. Graphical
passwords have been proposed as an alternative, and their use is supported by cognitive theories such as the picture superiority effect which suggest that pictures, rather
than words or numbers, could provide a stronger foundation upon which to design
usable and secure knowledge-based authentication. Indeed, early usability studies
of novel systems harnessing this effect appear to show promise; however, the uptake
of graphical passwords in real-world systems is low. This inertia is likely related to
uncertainty regarding the challenges that novel systems might bring to the already delicate interplay between usability and security; particularly the new challenges faced in
scaffolding user behaviours that comply with context-specific security policies, uncertainty regarding the nature of new socio-technical attacks, and the impact of images
themselves upon usability and security.
In this thesis we present a number of case studies incorporating new designs,
empirical methods and results, that begin to explore these aspects of representative
graphical password systems. Specifically, we explore: (i) how we can implicitly support security-focused behaviours such as choosing high entropy graphical passwords
and defending against observation attack; (ii) how to capture the likely extent of
insecure behaviour in the social domain such as graphical password sharing and observation attack; and (iii) how through the selection of appropriate properties of the
images themselves we can provide security and usability benefits. In doing so, we generate
new insights into the potential of graphical passwords to provide usable, secure
and deployable user authentication.
Microsoft Research