ABSTRACT
Recent research reveals interaction effects among human cognitive processing factors, interaction device types and user authentication schemes towards security of user created graphical keys. Aiming to investigate how different visual behaviors of individuals with varying cognitive strategies affect the security aspects of graphical user authentication (GUA) across device types, this paper reports preliminary results of a user study (N=51) on graphical password composition using a recognition-based GUA scheme. Results reveal differences on key strength and complexity, as well as on gaze-based entropies between users with different cognitive strategies, which can be used for the design of user-adaptive GUA schemes.
- Charoula Angeli, Nicos Valanides, and Paul Kirschner. 2009. Field dependence--independence and instructional-design effects on learners' performance with a computer-modeling tool. Computers in Human Behavior 25, 6: 1355--1366. Google ScholarDigital Library
- Marios Belk, Christos Fidas, Panagiotis Germanakos, and George Samaras. 2013. Security for Diversity: Studying the Effects of Verbal and Imagery Processes on User Authentication Mechanisms. In 442--459.Google Scholar
- Marios Belk, Christos Fidas, Panagiotis Germanakos, and George Samaras. 2015. A Personalized User Authentication Approach Based on Individual Differences in Information Processing. Interacting with Computers 27, 6: 706--723. Google ScholarCross Ref
- Robert Biddle, Sonia Chiasson, and P.C. Van Oorschot. 2012. Graphical passwords. ACM Computing Surveys 44, 4: 1--41. Google ScholarDigital Library
- Sacha Brostoff and M Angela Sasse. 2000. Are Passfaces More Usable Than Passwords? A Field Trial Investigation. In People and Computers XIV -- Usability or Else!. Springer London, London, 405-- 424.Google ScholarCross Ref
- Sonia Chiasson, Alain Forget, Elizabeth Stobert, P. C. van Oorschot, and Robert Biddle. 2009. Multiple password interference in text passwords and clickbased graphical passwords. Proceedings of the 16th ACM conference on Computer and communications security - CCS '09, ACM Press, 500.Google ScholarDigital Library
- Darren Davis, Fabian Monrose, and Michael K Reiter. 2004. On User Choice in Graphical Password Schemes. In 13th USENIX Security Symposium.Google Scholar
- Rachna Dhamija and Adrian Perrig. 2000. Deja VuA User Study: Using Images for Authentication. USENIX Security Symposium, 4.Google Scholar
- Kerstin Gidlöf, Annika Wallin, Richard Dewhurst, and Kenneth Holmqvist. 2013. Using Eye Tracking to Trace a Cognitive Process: Gaze Behaviour During Decision Making in a Natural Environment. Journal of Eye Movement Research 6, 1.Google ScholarCross Ref
- C. Herley and P. Van Oorschot. 2012. A Research Agenda Acknowledging the Persistence of Passwords. IEEE Security & Privacy Magazine 10, 1: 28--36. Google ScholarDigital Library
- Jon-Chao Hong, Ming-Yueh Hwang, Ker-Ping Tam, Yi-Hsuan Lai, and Li-Chun Liu. 2012. Effects of cognitive style on digital jigsaw puzzle performance: A GridWare analysis. Computers in Human Behavior 28, 3: 920--928. Google ScholarDigital Library
- Saranga Komanduri, Richard Shay, Patrick Gage Kelley, et al. 2011. Of passwords and people. Proceedings of the 2011 annual conference on Human factors in computing systems - CHI '11, ACM Press, 2595. Google ScholarDigital Library
- Dachuan Liu, Bo Dong, Xing Gao, and Haining Wang. 2015. Exploiting Eye Tracking for Smartphone Authentication. In Lecture Notes in Computer Science (LNCS). 457--477. Google ScholarCross Ref
- Yao Ma, Jinjuan Feng, Libby Kumin, and Jonathan Lazar. 2013. Investigating User Behavior for Authentication Methods. ACM Transactions on Accessible Computing 4, 4: 1--27. Google ScholarDigital Library
- Martin Mihajlov and Borka Jerman-Blazic. 2011. On designing usable and secure recognition-based graphical authentication mechanisms. Interacting with Computers 23, 6: 582--593. Google ScholarDigital Library
- James Nicholson, Lynne Coventry, and Pam Briggs. 2013. Age-related performance issues for PIN and face-based authentication systems. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI '13, ACM Press, 323. Google ScholarDigital Library
- L. O'Gorman. 2003. Comparing passwords, tokens, and biometrics for user authentication. Proceedings of the IEEE 91, 12: 2021--2040. Google ScholarCross Ref
- Philip K Oltman, Evelyn Raskin, and Herman A Witkin. 1971. Group embedded figures test. Consulting Psychologists Press Palo Alto, CA.Google Scholar
- George E Raptis, Christos A Fidas, and Nikolaos M Avouris. 2016. Using Eye Tracking to Identify Cognitive Differences: A Brief Literature Review. 20th Pan-Hellenic Conference in Informatics, 21.Google ScholarDigital Library
- Kent A. Rittschof. 2010. Field dependence-- independence as visuospatial and executive functioning in working memory: implications for instructional systems design and research. Educational Technology Research and Development 58, 1: 99--114. Google ScholarCross Ref
- Aviel D Rubin, Ian Jermyn, Alain Mayer, Fabian Monrose, and Michael K Reiter. 1999. The design and analysis of graphical passwords. 8th USENIX Security Symposium.Google Scholar
- Chen Sun, Yang Wang, and Jun Zheng. 2014. Dissecting pattern unlock: The effect of pattern strength meter on pattern selection. Journal of Information Security and Applications 19, 4--5: 308--320.Google ScholarDigital Library
- Hai Tao and Carlisle Adams. 2008. Pass-Go: A Proposal to Improve the Usability of Graphical Passwords. IJ Network Security 7, 2: 273--292.Google Scholar
- Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. 2005. PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies 63, 1--2: 102--127.Google ScholarDigital Library
- H. A. Witkin, C. A. Moore, D. R. Goodenough, and P. W. Cox. 1975. Field-Dependent and FieldIndependent Cognitive Styles and Their Educational Implications. ETS Research Bulletin Series 1975, 2: 1--64. Google ScholarCross Ref
- Emanuel von Zezschwitz, Alexander De Luca, and Heinrich Hussmann. 2014. Honey, I shrunk the keys. Proceedings of the 8th Nordic Conference on Human-Computer Interaction Fun, Fast, Foundational - NordiCHI '14, ACM Press, 461--470.Google ScholarDigital Library
- Windows 10 sign in options. Retrieved January 11, 2017 from http://www.thewindowsclub.com/windows-10-signoptions.Google Scholar
- Tobii Pro Glasses 2. Retrieved January 8, 2017 from http://www.tobiipro.com/product-listing/tobiipro-glasses-2/.Google Scholar
Index Terms
- Influences of Users' Cognitive Strategies on Graphical Password Composition
Recommendations
Eye Gaze-driven Prediction of Cognitive Differences during Graphical Password Composition
IUI '18: Proceedings of the 23rd International Conference on Intelligent User InterfacesEvidence suggests that individual cognitive differences affect users' memorability, visual behavior, and graphical passwords' security. Such knowledge denotes the added value of personalizing graphical password schemes towards the unique cognitive ...
Influences of Human Cognition and Visual Behavior on Password Strength during Picture Password Composition
CHI '18: Proceedings of the 2018 CHI Conference on Human Factors in Computing SystemsVisual attention, search, processing and comprehension are important cognitive tasks during a graphical password composition activity. Aiming to shed light on whether individual differences on visual behavior affect the strength of the created passwords,...
Multiple password interference in text passwords and click-based graphical passwords
CCS '09: Proceedings of the 16th ACM conference on Computer and communications securityThe underlying issues relating to the usability and security of multiple passwords are largely unexplored. However, we know that people generally have difficulty remembering multiple passwords. This reduces security since users reuse the same password ...
Comments