Abstract
Graphical passwords can replace alphanumeric passwords when the data entry device is a touchscreen rather than a keyboard, as is the case for modern mobile devices (smartphones and tablets). However, misunderstanding the security of graphical passwords relative to textual ones can lead to insecure systems. This paper outlines a set of security best practices for the design of icon-based authentication mechanisms. The best practices were derived from a behavioral study on the usability of a prototype. The paper also proposes methods for quality control of icon-based passwords and for protecting them against brute-force attacks.
Keywords
- Mobile security
- Authentication mechanisms
- Graphical passwords
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Braga, A., Cividanes, R., Ávila, I., Tambascia, C. (2012). Protection Aspects of Iconic Passwords on Mobile Devices. In: Xiang, Y., Lopez, J., Kuo, CC.J., Zhou, W. (eds) Cyberspace Safety and Security. CSS 2012. Lecture Notes in Computer Science, vol 7672. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35362-8_3
DOI: https://doi.org/10.1007/978-3-642-35362-8_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35361-1
Online ISBN: 978-3-642-35362-8
eBook Packages: Computer Science (R0)
