Graphical password systems based on the recognition of photographs are candidates to alleviate current over-reliance on alphanumeric passwords and PINs. However, despite being based on a simple concept -- and user evaluations consistently reporting impressive memory retention -- only one commercial example exists and overall take-up is low. Barriers to uptake include a perceived vulnerability to observation attacks; issues regarding deployability; and the impact of innocuous design decisions on security not being formalized. Our contribution is to dissect each of these issues in the context of mobile devices -- a particularly suitable application domain due to their increasing significance and high potential to attract unauthorized access. This produces: 1) a novel yet simple solution to the intersection attack that permits greater variability in login challenges; 2) a detailed analysis of the shoulder surfing threat that considers both simulated and human testing; 3) a first look at image processing techniques to contribute towards automated photograph filtering. We operationalize our observations and gather data in a field context where decentralized mechanisms of varying entropy were installed on the personal devices of participants. Across two working weeks, success rates collected from users of a high-entropy version were similar to those of a low-entropy version at 77%, and login durations decreased significantly across the study.