Doodling our way to better authentication
CHI '02 Extended Abstracts on Human Factors in Computing Systems
A note on proactive password checking
Proceedings of the 2001 workshop on New security paradigms
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
Performance Analysis and Parallel Implementation of Dedicated Hash Functions
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Towards stronger user authentication
Towards stronger user authentication
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
On user choice in graphical password schemes
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
International Journal of Human-Computer Studies - Special issue: HCI research in privacy and security is critical now
Fast dictionary attacks on passwords using time-space tradeoff
Proceedings of the 12th ACM conference on Computer and communications security
Pass-thoughts: authenticating with our minds
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
On predictive models and user-drawn graphical passwords
ACM Transactions on Information and System Security (TISSEC)
Do background images improve "draw a secret" graphical passwords?
Proceedings of the 14th ACM conference on Computer and communications security
Human-seeded attacks and exploiting hot-spots in graphical passwords
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Use Your Illusion: secure authentication usable anywhere
Proceedings of the 4th symposium on Usable privacy and security
Action-based user authentication
International Journal of Electronic Security and Digital Forensics
POSH: a generalized captcha with security applications
Proceedings of the 1st ACM workshop on Workshop on AISec
WSEAS Transactions on Information Science and Applications
The design and implementation of background Pass-Go scheme towards security threats
WSEAS Transactions on Information Science and Applications
Background pass-go (BPG), a new approach for GPS
ICCOMP'08 Proceedings of the 12th WSEAS international conference on Computers
Guidelines for designing graphical authentication mechanism interfaces
International Journal of Information and Computer Security
Visual passwords: cure-all or snake-oil?
Communications of the ACM - Finding the Fun in Computer Science Education
Graphical passwords: drawing a secret with rotation as a new degree of freedom
AsiaCSN '07 Proceedings of the Fourth IASTED Asian Conference on Communication Systems and Networks
Smudge attacks on smartphone touch screens
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
On designing usable and secure recognition-based graphical authentication mechanisms
Interacting with Computers
Shoulder surfing defence for recall-based graphical passwords
Proceedings of the Seventh Symposium on Usable Privacy and Security
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
An enhanced drawing reproduction graphical password strategy
Journal of Computer Science and Technology - Special issue on Natural Language Processing
Goals and Practices in Maintaining Information Systems Security
International Journal of Information Security and Privacy
Picassopass: a password scheme using a dynamically layered combination of graphical elements
CHI '13 Extended Abstracts on Human Factors in Computing Systems
Exploring the design space of graphical passwords on smartphones
Proceedings of the Ninth Symposium on Usable Privacy and Security
On the security of picture gesture authentication
SEC'13 Proceedings of the 22nd USENIX conference on Security
A VISION BASED GRAPHICAL PASSWORD
Journal of Integrated Design & Process Science
In commonplace textual password schemes, users choose passwords that are easy to recall. Since memorable passwords typically exhibit patterns, they are exploitable by brute-force password crackers using attack dictionaries. This leads us to ask what classes of graphical passwords users find memorable. We postulate one such class supported by a collection of cognitive studies on visual recall, which can be characterized as mirror symmetric (reflective) passwords. We assume that an attacker would put this class in an attack dictionary for graphical passwords and propose how an attacker might order such a dictionary. We extend the existing analysis of graphical passwords by analyzing the size of the mirror symmetric password space relative to the full password space of the graphical password scheme of Jermyn et al. (1999), and show it to be exponentially smaller (assuming appropriate axes of reflection). This reduction in size can be compensated for by longer passwords: the size of the space of mirror symmetric passwords of length about L + 5 exceeds that of the full password space for corresponding length L ≤ 14 on a 5 × 5 grid. This work could be used to help in formulating password rules for graphical password users and in creating proactive graphical password checkers.