Abstract
Authentication using images or graphical passwords is one of the possible alternatives for traditional authentication based upon passwords. This study aims to investigate the practicality of giving guidelines or advice to users before they start choosing their image passwords, the effectiveness of using a smaller tolerance (clickable areas) and the optimum combination of click and image passwords. An alternative graphical prototype known as the Enhanced Graphical Authentication Scheme (EGAS) was developed in order to achieve these aims which implemented two different types of data collection (internal and external). From the findings, both internal and external groups indicated that the implementation of guidelines alone cannot guarantee the security of image passwords created by participants; but, in combination with other usability measurements this study has shown positive outcomes.
Keywords
Chapter PDF
References
De Angeli, A., Coventry, L., Johnson, G., Renaud, K.: Is a picture really worth a thousand words? Reflecting on the usability of graphical authentication systems. International Journal of Human Computer Studies 63(2), 128–152 (2005)
Chiasson, S., Oorschot, P.C.V., Biddle, R.: Graphical password authentication using cued click points. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 359–374. Springer, Heidelberg (2007)
Hinds, C., Ekwueme, C.: Increasing security and usability of computer systems with graphical password. In: ACM Southeast Regional Conference, Winston-Salem, North Carolina, USA, pp. 529–530. ACM, New York (2007)
Chiasson, S., Forget, A., Biddle, R., Oorschot, P.C.V.: User interface design affects security: Patterns in click-based graphical passwords. International Journal of Information Security 8(6), 387–398 (2009)
Wiedenbeck, S., Waters, J., Birget, J.-C., Brodskiy, A., Memon, N.: PassPoints: design and longitudinal evaluation of a graphical password system. International Journal of Human Computer Studies 63, 102–127 (2005)
Oorschot, P.C.V., Salehi-Abari, A., Thorpe, J.: Purely automated attacks on Passpoints-style graphical passwords. Transactions on Information Forensics and Security 5(3), 393–405 (2010)
Davis, D., Monrose, F., Reiter, M.K.: On user choice in graphical password schemes. In: Proceedings of the 13th USENIX Security Symposium, California, USA, August 9-13, pp. 1–11. USENIX Association (2004)
Tullis, T.S., Tedesco, D.P.: Using personal photos as pictorial passwords. In: CHI 2005 Extended Abstracts on Human Factors in Computing Systems, Portland, Oregon, USA, pp. 1841–1844. ACM, New York (2005)
Everitt, K.M., Bragin, T., Fogarty, J., Kohno, T.: A comprehensive study of frequency, interference, and training of multiple graphical passwords. In: Proceedings of the 27th International Conference on Human Factors in Computing Systems, Boston, MA, USA, pp. 889–898. ACM, New York (2009)
Dirik, A.E., Memon, N., Birget, J.-C.: Modelling user choice in the Passpoints graphical password scheme. Paper presented at the Symposium on Usable Privacy and Security, Pittsburgh, PA, USA, July 18-20 (2007)
Gołofit, K.: Click passwords under investigation. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 343–358. Springer, Heidelberg (2007)
Golofit, K.: Picture passwords superiority and picture passwords dictionary attacks. Journal of Information Assurance and Security 2, 179–183 (2007)
Peach, S., Voster, J., Heerden, R.V.: Heuristic Attacks against graphical password generators. In: Clarke, N., Furnell, S., Solms, R.V. (eds.) Proceedings of the South African Information Security Multi-Conference (SAISMC 2010), Port Elizabeth, South Africa, pp. 272–284. University of Plymouth (2010)
Lin, P.L., Weng, L.T., Huang, P.W.: Graphical password using images with random tracks of geometric shapes. In: Proceedings of the 2008 Congress on Image and Signal Processing, pp. 27–31. IEEE Computer Society, Los Alamitos (2008)
Harada, A., Isarida, T., Mizuno, T., Nishigaki, M.: A User Authentication System Using Schema of Visual Memory. In: Ijspeert, A.J., Masuzawa, T., Kusumoto, S. (eds.) BioADIT 2006. LNCS, vol. 3853, pp. 338–345. Springer, Heidelberg (2006)
Hayashi, E., Dhamija, R., Christin, N., Perrig, A.: Use Your Illusion: secure authentication usable anywhere. In: Proceedings of the 4th Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 35–45. ACM, New York (2008)
Chiasson, S., Forget, A., Biddle, R., Oorschot, P.C.V.: Influencing users towards better passwords: persuasive cued click-points. In: Proceedings of the 22nd British HCI Group Annual Conference on HCI 2008: People and Computers XXII: Culture, Creativity, Interaction, Liverpool, United Kingdom, vol. 1, pp. 121–130. British Computer Society (2008)
Jali, M.Z., Furnell, S.M., Dowland, P.S.: Assessing image-based authentication techniques in a web-based environment. Information Management & Computer Security 18(1), 43–53 (2010)
Chiasson, S., Biddle, R., Oorschot, P.C.V.: A second look at the usability of click-based graphical passwords. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 1–12. ACM, New York (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Jali, M., Furnell, S., Dowland, P. (2011). Quantifying the Effect of Graphical Password Guidelines for Better Security. In: Camenisch, J., Fischer-Hübner, S., Murayama, Y., Portmann, A., Rieder, C. (eds) Future Challenges in Security and Privacy for Academia and Industry. SEC 2011. IFIP Advances in Information and Communication Technology, vol 354. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21424-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-21424-0_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21423-3
Online ISBN: 978-3-642-21424-0
eBook Packages: Computer ScienceComputer Science (R0)