Communications of the ACM
Communications of the ACM
The Art of Deception: Controlling the Human Element of Security
The Art of Deception: Controlling the Human Element of Security
CHI '03 Extended Abstracts on Human Factors in Computing Systems
Dissecting Computer Fraud: From Definitional Issues to a Taxonomy
HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 7 - Volume 7
The domino effect of password reuse
Communications of the ACM - Human-computer etiquette
Password policy: the good, the bad, and the ugly
WISICT '04 Proceedings of the winter international synposium on Information and communication technologies
Passwords you'll never forget, but can't recall
CHI '04 Extended Abstracts on Human Factors in Computing Systems
Guest Editors' Introduction: Secure or Usable?
IEEE Security and Privacy
Password Memorability and Security: Empirical Results
IEEE Security and Privacy
CITC5 '04 Proceedings of the 5th conference on Information technology education
A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
Hacking human: data-archaeology and surveillance in social networks
ACM SIGGROUP Bulletin - Special issue on virtual communities
An investigation into keystroke latency metrics as an indicator of programming performance
ACE '05 Proceedings of the 7th Australasian conference on Computing education - Volume 42
PassPoints: design and longitudinal evaluation of a graphical password system
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Security and Usability
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
On user choice in graphical password schemes
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
VIP: a visual approach to user authentication
Proceedings of the Working Conference on Advanced Visual Interfaces
Improving password security and memorability to protect personal and organizational information
International Journal of Human-Computer Studies
Order and entropy in picture passwords
GI '08 Proceedings of graphics interface 2008
A comprehensive study of frequency, interference, and training of multiple graphical passwords
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Guidelines for designing graphical authentication mechanism interfaces
International Journal of Information and Computer Security
Proceedings of the 23rd British HCI Group Annual Conference on People and Computers: Celebrating People and Technology
Multi-touch authentication on tabletops
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Shoulder-surfing resistance with eye-gaze entry in cued-recall graphical passwords
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Secure passwords through enhanced hashing
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Towards inclusive identity management
Identity in the Information Society
On designing usable and secure recognition-based graphical authentication mechanisms
Interacting with Computers
Breaking undercover: exploiting design flaws and nonuniform human behavior
Proceedings of the Seventh Symposium on Usable Privacy and Security
Shoulder surfing defence for recall-based graphical passwords
Proceedings of the Seventh Symposium on Usable Privacy and Security
A simple modeling method for mobile password schemes and its analysis
Proceedings of the 9th International Conference on Advances in Mobile Computing and Multimedia
Security in context: investigating the impact of context on attitudes towards biometric technology
BCS '10 Proceedings of the 24th BCS Interaction Specialist Group Conference
Shoulder-Surfing safe login in a partially observable attacker model
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A security assessment of tiles: a new portfolio-based graphical authentication system
CHI '12 Extended Abstracts on Human Factors in Computing Systems
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
NordSec'11 Proceedings of the 16th Nordic conference on Information Security Technology for Applications
Graphical password authentication using cued click points
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Password entry usability and shoulder surfing susceptibility on different smartphone platforms
Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia
NAPTune: fine tuning graphical authentication
Proceedings of the 3rd International Conference on Human Computer Interaction
WYSWYE: shoulder surfing defense for recognition based graphical passwords
Proceedings of the 24th Australian Computer-Human Interaction Conference
User Perceptions of Security Technologies
International Journal of Information Security and Privacy
Back-of-device authentication on smartphones
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Proximity sensor: privacy-aware location sharing
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Proceedings of the 19th annual international conference on Mobile computing & networking
Exploring the design space of graphical passwords on smartphones
Proceedings of the Ninth Symposium on Usable Privacy and Security
| Hi-index | 0.00 |
Previous research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased susceptibility of graphical passwords to shoulder-surfing. This appears to be yet another example of the classic trade-off between usability and security for authentication systems. This paper explores whether graphical passwords' increased memorability necessarily leads to risks of shoulder-surfing. To date, there are no studies examining the vulnerability of graphical versus alphanumeric passwords to shoulder-surfing.This paper examines the real and perceived vulnerability to shoulder-surfing of two configurations of a graphical password, Passfaces™[30], compared to non-dictionary and dictionary passwords. A laboratory experiment with 20 participants asked them to try to shoulder surf the two configurations of Passfaces™ (mouse versus keyboard data entry) and strong and weak passwords. Data gathered included the vulnerability of the four authentication system configurations to shoulder-surfing and study participants' perceptions concerning the same vulnerability. An analysis of these data compared the relative vulnerability of each of the four configurations to shoulder-surfing and also compared study participants' real and perceived success in shoulder-surfing each of the configurations. Further analysis examined the relationship between study participants' real and perceived success in shoulder-surfing and determined whether there were significant differences in the vulnerability of the four authentication configurations to shoulder-surfing.Findings indicate that configuring data entry for Passfaces™ through a keyboard is the most effective deterrent to shoulder-surfing in a laboratory setting and the participants' perceptions were consistent with that result. While study participants believed that Passfaces™ with mouse data entry would be most vulnerable to shoulder-surfing attacks, the empirical results found that strong passwords were actually more vulnerable.