Centered discretization with application to graphical passwords (full paper)

Authors:
Sonia Chiasson;Jayakumar Srinivasan;Robert Biddle;P. C. van Oorschot
Affiliations:
Carleton University, Ottawa, Canada;Toronto, Canada;Carleton University, Ottawa, Canada;Carleton University, Ottawa, Canada
Venue:
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
Year:
2008

Citing 9
Cited 7

Authentication using graphical passwords: effects of tolerance and image choice

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
PassPoints: design and longitudinal evaluation of a graphical password system

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Graphical Passwords: A Survey

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
The design and analysis of graphical passwords

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A second look at the usability of click-based graphical passwords

Proceedings of the 3rd symposium on Usable privacy and security
Modeling user choice in the PassPoints graphical password scheme

Proceedings of the 3rd symposium on Usable privacy and security
Human-seeded attacks and exploiting hot-spots in graphical passwords

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Graphical passwords based on robust discretization

IEEE Transactions on Information Forensics and Security
Graphical password authentication using cued click points

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Input precision for gaze-based graphical passwords

CHI '10 Extended Abstracts on Human Factors in Computing Systems
Graphical passwords: Learning from the first twelve years

ACM Computing Surveys (CSUR)
Video-passwords: advertising while authenticating

Proceedings of the 2012 workshop on New security paradigms
Security implications of password discretization for click-based graphical passwords

Proceedings of the 22nd international conference on World Wide Web
Exploring the design space of graphical passwords on smartphones

Proceedings of the Ninth Symposium on Usable Privacy and Security
Usability and security evaluation of GeoPass: a geographic location-password scheme

Proceedings of the Ninth Symposium on Usable Privacy and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Discretization is used in click-based graphical passwords so that approximately correct entries can be accepted by the system. We show that the existing discretization scheme of Birget et al. (2006) allows for false accepts and false rejects because the tolerance region is not guaranteed to be centered on the original click-point, causing usability and security concerns. Using empirical data from a large user study, we show that this is a significant issue in practice. We then introduce Centered Discretization, a simpler discretization method that eliminates false accepts and false rejects. It also allows for smaller tolerance regions without impacting the usability of the system.