Towards Secure Design Choices for Implementing Graphical Passwords
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Handbook Of Pattern Recognition And Computer Vision
Handbook Of Pattern Recognition And Computer Vision
Authentication using graphical passwords: effects of tolerance and image choice
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
ICCIT '08 Proceedings of the 2008 Third International Conference on Convergence and Hybrid Information Technology - Volume 02
Towards Automating Social Engineering Using Social Networking Sites
CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 03
Hi-index | 0.00 |
We present an information-theoretic discussion of authentication via graphical passwords, and devise a model for entropy estimation. Our results make face-recognition based authentication comparable to standard password authentication in terms of uncertainty (Shannon-entropy) that an adversary is confronted with in both situations. It is widely known that cognitive abilities strongly determine the choice of alphanumeric passwords as well as graphical passwords, and we discuss various selected psychological aspects that influence the selection process. As a central result, we obtain a theoretical limit to the entropy of a face-recognition based authentication in the light of some social engineering techniques (dictionary attacks on graphical passwords). Remarkably, our results hold independently of any information that can be obtained from the internet or through other forms of social engineering. Thus, we obtain very general bounds on the quality of authentication through face-recognition that solely depend on the authentication mechanism.