ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Design and evaluation of a shoulder-surfing resistant graphical password scheme
Full text PdfPdf (523 KB)
Source AVI archive
Proceedings of the working conference on Advanced visual interfaces table of contents
Venezia, Italy
SESSION: Evaluating interaction: research papers table of contents
Pages: 177 - 184  
Year of Publication: 2006
ISBN:1-59593-353-0
Authors
Susan Wiedenbeck  Drexel University, Philadelphia, PA
Jim Waters  Drexel University, Philadelphia, PA
Leonardo Sobrado  Rutgers University at Camden, Camden, NJ
Jean-Camille Birget  Rutgers University at Camden, Camden, NJ
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 31,   Downloads (12 Months): 204,   Citation Count: 3
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1133265.1133303
What is a DOI?

ABSTRACT

When users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individual's authentication session. This is referred to as shoulder-surfing and is a known risk, of special concern when authenticating in public places. Until recently, the only defense against shoulder-surfing has been vigilance on the part of the user. This paper reports on the design and evaluation of a game-like graphical method of authentication that is resistant to shoulder-surfing. The Convex Hull Click (CHC) scheme allows a user to prove knowledge of the graphical password safely in an insecure location because users never have to click directly on their password images. Usability testing of the CHC scheme showed that novice users were able to enter their graphical password accurately and to remember it over time. However, the protection against shoulder-surfing comes at the price of longer time to carry out the authentication.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999  [doi>10.1145/322796.322806]
 
2
Brostoff, S. and Sasse, M. A. Are Passfaces more usable than passwords: A field trial investigation. In McDonald S., et al. (Eds.), People and Computers XIV - Usability or Else, Proc. of HCI 2000, Springer, 2000, 405--424.
 
3
Brown, A. S., Bracken, E., Zoccoli, S. and Douglas, K. Generating and remembering passwords. Applied Cognitive Psychology, 18, (2004), 641--651.
 
4
Davis, D., Monrose, F., and Reiter, M. K. On user choice in graphical password schemes. In Proc. of the 13th USENIX Security Symposium, San Diego, 2004.
 
5
De Angeli, A., Coutts, M., Coventry, L., Cameron, D., Johnson, G. I., and Fischer, M. VIP: A visual approach to user authentication. In Proc. of AVI 2002, ACM Press, NY, 2002, 316--323.
 
6
Antonella De Angeli , Lynne Coventry , Graham Johnson , Karen Renaud, Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems, International Journal of Human-Computer Studies, v.63 n.1-2, p.128-152, July 2005  [doi>10.1016/j.ijhcs.2005.04.020]
 
7
Deci, E. L. Intrinsic Motivation, Plenum, New York, 1975.
8
Rachna Dhamija, Hash visualization in user authentication, CHI '00 extended abstracts on Human factors in computing systems, April 01-06, 2000, The Hague, The Netherlands  [doi>10.1145/633292.633455]
 
9
Dhamija, R. and Perrig, A. Déjà Vu: User study using images for authentication. In Ninth Usenix Security Symposium, 2000.
 
10
David C. Feldmeier , Philip R. Karn, UNIX Password Security - Ten Years Later, Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology, p.44-63, August 20-24, 1989
11
Blake Ives , Kenneth R. Walsh , Helmut Schneider, The domino effect of password reuse, Communications of the ACM, v.47 n.4, p.75-78, April 2004  [doi>10.1145/975817.975820]
 
12
Lepper, M. R. and Malone, T. W. Intrinsic motivation and instructional effectiveness in computer-based education. In R. E. Snow and M. J. Farr (Eds.), Aptitude, Learning, and Instruction, Lawrence Erlbaum, Hillsdale, NJ, 1987, 255--286.
13
Robert Morris , Ken Thompson, Password security: a case history, Communications of the ACM, v.22 n.11, p.594-597, Nov. 1979  [doi>10.1145/359168.359172]
 
14
Norman, D. A. The Design of Everyday Things. Basic Books, New York, 1988.
15
Volker Roth , Kai Richter , Rene Freidinger, A PIN-entry method resilient against shoulder surfing, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030116]
 
16
Giblin, P. Identities snatched in blink of eye. http://www.sachitechcops.org/news012604.htm. Accessed December 9, 2005.
 
17
M. A. Sasse , S. Brostoff , D. Weirich, Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security, BT Technology Journal, v.19 n.3, p.122-131, July 2001  [doi>10.1023/A:1011902718709 ]
 
18
Shoulder-surfing gets secret numbers on tape. http://www.wftv.com/money/3964515/detail.html. Accessed December 9, 2005.
 
19
Sobrado, L. and Birget, J. C. Graphical passwords. The Rutgers Scholar, 4, (Sept. 2002). http://RutgersScholar.rutgers.edu/volume04/sobrbirg/sobrbirg.htm.
 
20
Wagstaff, J. Shoulder-surfing: the old new phishing. http://loosewire.typepad.com/blog/2005/04/shoulder_surfin.ht ml. Accessed December 9, 2005.
 
21
Susan Wiedenbeck , Jim Waters , Jean-Camille Birget , Alex Brodskiy , Nasir Memon, PassPoints: design and longitudinal evaluation of a graphical password system, International Journal of Human-Computer Studies, v.63 n.1-2, p.102-127, July 2005  [doi>10.1016/j.ijhcs.2005.04.010]

CITED BY  3
Hirokazu Sasamoto , Nicolas Christin , Eiji Hayashi, Undercover: authentication usable in front of prying eyes, Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, April 05-10, 2008, Florence, Italy
 
Saranga Komanduri , Dugald R. Hutchings, Order and entropy in picture passwords, Proceedings of graphics interface 2008, May 28-30, 2008, Windsor, Ontario, Canada
Manu Kumar , Tal Garfinkel , Dan Boneh , Terry Winograd, Reducing shoulder-surfing by using gaze-based password entry, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
          Subjects: Graphical user interfaces (GUI)

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication


Keywords:
authentication, convex hull click scheme, graphical passwords, password security, shoulder-surfing, usable security

Collaborative Colleagues:
Susan Wiedenbeck: colleagues
Jim Waters: colleagues
Leonardo Sobrado: colleagues
Jean-Camille Birget: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player