Abstract
Today, most Internet applications still establish user authentication with traditional text-based passwords. Designing a password-based method that is both secure and user-friendly has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. Specifically, we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system, and incorrect login attempts causing security exposures can easily be avoided.
This research is supported by TUBİTAK (The Scientific and Technological Research Council of Turkey) under project number 107E227.
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bicakci, K., Yuceel, M., Erdeniz, B., Gurbaslar, H., Atalay, N.B. (2009). Graphical Passwords as Browser Extension: Implementation and Usability Study. In: Ferrari, E., Li, N., Bertino, E., Karabulut, Y. (eds) Trust Management III. IFIPTM 2009. IFIP Advances in Information and Communication Technology, vol 300. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02056-8_2
DOI: https://doi.org/10.1007/978-3-642-02056-8_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02055-1
Online ISBN: 978-3-642-02056-8
eBook Packages: Computer Science, Computer Science (R0)