Communications of the ACM
Introduction

Users of computer systems are accustomed to being asked for passwords -- it is as universal as it is frustrating. In the past there was little tolerance for the problems experienced remembering passwords, and many users still remember, with embarrassment, having to go hat-in-hand to request a password change and being treated with disdain by a lofty administrator. Latterly there is more understanding of the problems experienced by users, especially since the "password conundrum" has reached epidemic proportions for Web users, who are asked for passwords with unrelenting predictability.

The problems with passwords are clear -- users cannot remember numbers of meaningless alphanumeric strings with ease. Hence, they react by choosing simple and predictable words or numbers related to their everyday life, and engaging in insecure practices, such as writing passwords down or sharing them. These practices cause a breach affecting even the most secure and protected network system. Hence the user is often called the weakest link of the security chain, with system administrators despairing of trying to maintain security with the weak link so often reaching breaking point. Users forgetting passwords has serious economic consequences for organizations.

Both academia and industry have been investigating alternatives to passwords, with varying degrees of success. One of the most well-known solutions is the biometric -- measurement of either behavioral or physiological characteristics of the end-user. This is obviously superior to the password because it removes the burden on the user's memory. So why don't we just switch to biometrics and give the poor user a break? There are some valid and hard-to-overcome reasons for the slow uptake of biometrics, but before we can discuss them we need to consider the mechanics of authentication.