Security for Diversity: Studying the Effects of Verbal and Imagery Processes on User Authentication Mechanisms

  • Marios Belk
  • Christos Fidas
  • Panagiotis Germanakos
  • George Samaras
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8119)

Abstract

Stimulated by a large number of different theories on human cognition, suggesting that individuals have different habitual approaches in retrieving, recalling, processing and storing verbal and graphical information, this paper investigates the effect of such processes with regard to user performance and preference toward two variations of knowledge-based authentication mechanisms. In particular, a text-based password authentication mechanism and a recognition-based graphical authentication mechanism were deployed in the frame of an ecologically valid user study, to investigate the effect of specific cognitive factors of users toward efficiency, effectiveness and preference of authentication tasks. A total of 145 users participated during a five-month period between February and June 2012. This recent study provides interesting insights for the design and deployment of adaptive authentication mechanisms based on cognitive factors of users. The results and implications of this paper are valuable in understanding and modeling user interactions with regard to authentication mechanisms.

Keywords

User Authentication, Cognitive Factors, Efficiency, Effectiveness, Preference, Usable Security, Diversity, User Study


Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Marios Belk (1)
  • Christos Fidas (1, 2)
  • Panagiotis Germanakos (1, 3)
  • George Samaras (1)

  1. Department of Computer Science, University of Cyprus, Nicosia, Cyprus
  2. Interactive Technologies Lab, HCI Group, Electrical and Computer Engineering Department, University of Patras, Patras, Greece
  3. SAP AG, Walldorf, Germany
