
Protection Aspects of Iconic Passwords on Mobile Devices

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 7672)

Abstract

Graphical passwords can replace alphanumeric passwords when the data entry device is a touchscreen rather than a keyboard, as is the case for modern mobile devices (smartphones and tablets). However, misconceptions about the security of graphical passwords compared to textual ones can lead to insecure systems. This paper outlines a set of security best practices for the design of icon-based authentication mechanisms. The best practices were derived from a behavioral study on the usability of a prototype. The paper also proposes methods for quality control and for protection of icon-based passwords against brute-force attacks.

Keywords

  • Mobile security
  • Authentication mechanisms
  • Graphical passwords




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Braga, A., Cividanes, R., Ávila, I., Tambascia, C. (2012). Protection Aspects of Iconic Passwords on Mobile Devices. In: Xiang, Y., Lopez, J., Kuo, CC.J., Zhou, W. (eds) Cyberspace Safety and Security. CSS 2012. Lecture Notes in Computer Science, vol 7672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35362-8_3


  • DOI: https://doi.org/10.1007/978-3-642-35362-8_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35361-1

  • Online ISBN: 978-3-642-35362-8

  • eBook Packages: Computer Science, Computer Science (R0)