ABSTRACT
To gain access to computer systems, users are required to be authenticated. This is usually accomplished by having the user enter an alphanumeric username and password. Users are usually required to remember multiple passwords for different systems, and this poses problems of usability, memorability and security. Passwords are usually difficult to remember, and users have developed their own methods, some of which are not secure, of selecting passwords that are easy to remember.
In this research we developed a secure and usable password system which addresses the memorability problem. In our system users are required to remember three cartoon images, which we demonstrate are easier to recall than a typical secure text password. This system is shown to be secure based on the probability of guessing a password, on the likelihood of an observer "shoulder surfing" the password, and on the difficulty of launching a brute force attack against a graphical image system.
Our work demonstrates that security and usability can be achieved simultaneously. It lays the foundation for developing a class of similar password systems, differing only in the degree of security required. Our password system, with its low memory requirements, can be used in a wide array of applications.