Abstract
The paper explores one graphical authentication technique as a possible solution to the most important problems of traditional passwords. The aim of this work is to bring both technical (cryptological) and non-technical (psychological) awareness into research on passwords (click passwords in this case). The security of any knowledge-based authentication mechanism should not be considered without an analysis of the human factor, since users' human nature has been identified as a source of major weaknesses in conventional authentication. The paper deals with techniques that reduce the password space and make password guessing feasible. Four types of picture areas (of graphical interfaces) were investigated in order to bring common vulnerabilities to light; three of them were identified as types that graphical keypads should avoid. Statistics exposing strong tendencies in click-password selection are presented as well. Furthermore, the paper discusses several issues of the title authentication technique with regard to traditional passwords and other graphical techniques.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gołofit, K. (2007). Click Passwords Under Investigation. In: Biskup, J., López, J. (eds) Computer Security – ESORICS 2007. ESORICS 2007. Lecture Notes in Computer Science, vol 4734. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74835-9_23
DOI: https://doi.org/10.1007/978-3-540-74835-9_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74834-2
Online ISBN: 978-3-540-74835-9
eBook Packages: Computer Science, Computer Science (R0)