Communications of the ACM
OPUS: preventing weak password choices
Computers and Security
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Doodling our way to better authentication
CHI '02 Extended Abstracts on Human Factors in Computing Systems
A note on proactive password checking
Proceedings of the 2001 workshop on New security paradigms
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Securing passwords against dictionary attacks
Proceedings of the 9th ACM conference on Computer and communications security
Performance Analysis and Parallel Implementation of Dedicated Hash Functions
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Towards stronger user authentication
Towards stronger user authentication
Towards Secure Design Choices for Implementing Graphical Passwords
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
A convenient method for securely managing passwords
WWW '05 Proceedings of the 14th international conference on World Wide Web
PassPoints: design and longitudinal evaluation of a graphical password system
International Journal of Human-Computer Studies - Special issue: HCI research in privacy and security is critical now
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Human selection of mnemonic phrase-based passwords
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
On countering online dictionary attacks with login histories and humans-in-the-loop
ACM Transactions on Information and System Security (TISSEC)
Déjà Vu: a user study using images for authentication
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Graphical dictionaries and the memorable space of graphical passwords
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
On user choice in graphical password schemes
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A future-adaptive password scheme
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Graphical passwords based on robust discretization
IEEE Transactions on Information Forensics and Security
Towards practical biometric key generation with randomized biometric templates
Proceedings of the 15th ACM conference on Computer and communications security
PassShapes: utilizing stroke based authentication to increase password memorability
Proceedings of the 5th Nordic conference on Human-computer interaction: building bridges
Purely automated attacks on passpoints-style graphical passwords
IEEE Transactions on Information Forensics and Security
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
ICDCIT'12 Proceedings of the 8th international conference on Distributed Computing and Internet Technology
Graphical passwords: Learning from the first twelve years
ACM Computing Surveys (CSUR)
PassChords: secure multi-touch authentication for blind people
Proceedings of the 14th international ACM SIGACCESS conference on Computers and accessibility
A pilot study on the security of pattern screen-lock methods and soft side channel attacks
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
Improving user authentication on mobile devices: a touchscreen graphical password
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Proceedings of the 15th international conference on Human-computer interaction with mobile devices and services
Exploring the design space of graphical passwords on smartphones
Proceedings of the Ninth Symposium on Usable Privacy and Security
Memory retrieval and graphical passwords
Proceedings of the Ninth Symposium on Usable Privacy and Security
On the security of picture gesture authentication
SEC'13 Proceedings of the 22nd USENIX conference on Security
A VISION BASED GRAPHICAL PASSWORD
Journal of Integrated Design & Process Science
In commonplace text-based password schemes, users typically choose passwords that are easy to recall, exhibit patterns, and are thus vulnerable to brute-force dictionary attacks. This leads us to ask whether other types of passwords (e.g., graphical) are also vulnerable to dictionary attack because of users tending to choose memorable passwords. We suggest a method to predict and model a number of such classes for systems where passwords are created solely from a user's memory. We hypothesize that these classes define weak password subspaces suitable for an attack dictionary. For user-drawn graphical passwords, we apply this method with cognitive studies on visual recall. These cognitive studies motivate us to define a set of password complexity factors (e.g., reflective symmetry and stroke count), which define a set of classes. To better understand the size of these classes and, thus, how weak the password subspaces they define might be, we use the “Draw-A-Secret” (DAS) graphical password scheme of Jermyn et al. [1999] as an example. We analyze the size of these classes for DAS under convenient parameter choices and show that they can be combined to define apparently popular subspaces that have bit sizes ranging from 31 to 41—a surprisingly small proportion of the full password space (58 bits). Our results quantitatively support suggestions that user-drawn graphical password systems employ measures, such as graphical password rules or guidelines and proactive password checking.