Roman Weiss
ABSTRACT
Authentication today mostly relies on passwords or personal identification numbers (PINs). Therefore the average user has to remember an increasing amount of PINs and passwords. Unfortunately, humans have limited capabilities for remembering abstract alphanumeric sequences. Thus, many people either forget them or use very simple ones, which implies several security risks. In this work, a novel authentication method called PassShapes is presented. In this system users authenticate themselves to a computing system by drawing simple geometric shapes constructed of an arbitrary combination of eight different strokes. We argue that using such shapes will allow more complex and thus more secure authentication tokens with a lower cognitive load and higher memorability. To prove these assumptions, two user studies have been conducted. The memorability evaluation showed that the PassShapes concept is able to increase the memorability when users can practice the PassShapes several times. This effect is even increasing over time. Additionally, a prototype was implemented to conduct a usability study. The results of both studies indicate that the PassShapes approach is able to provide a usable and memorable authentication method.
- Adams, A., Sasse, M. A. 1999. Users are not the enemy. In: Communications of the ACM, 42:12, 40--46. Google Scholar
Digital Library
- Blonder, G., 1996. Graphical passwords. United States Patent 5559961.Google Scholar
- Brostoff, S., Sasse, M. A. 2000. Are Passfaces More Usable Than Passwords? A Field Trial Investigation. In: Proceedings of the HCI 2000. 405--424.Google Scholar
- Craik, F. I. M., Lockhart, R. S. 1972. Levels of processing: A framework for memory research. In: Journal of Verbal Learning and Verbal Behavior, 11.Google ScholarCross Ref
- Davis, D., Monrose, F., Reiter, M. K. 2004. On user choice in graphical password schemes. In: Proceedings of the 13th USENIX Security Symposium, (San Diego, California, August 9--13), 151--164. Google ScholarDigital Library
- De Angeli, A., Coventry, L., Johnson, G., Renaud, K. 2005. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems, In: International Journal of Human-Computer Studies, 63:1--2, 128--152. Google ScholarDigital Library
- De Luca, A., Weiss, R., Drewes, H. Evaluation of Eye-Gaze Interaction Methods for Security Enhanced PIN-Entry. In: Proceedings of OZCHI 2007, Adelaide, Australia, 28--30.11.2007. Google ScholarDigital Library
- De Luca, A., Weiss, R., Hußmann, H., and An, X. 2008. Eyepass - eye-stroke authentication for public terminals. In CHI '08 Extended Abstracts. Florence, Italy, April 05--10, 2008. Google ScholarDigital Library
- Dirik, A. E., Memon, N., Birget, J. 2007. Modeling user choice in the PassPoints graphical password scheme. In Proceedings of the SOUPS 2007, (Pittsburgh, Pennsylvania, July 18--20, 2007). Google ScholarDigital Library
- Dhamija, R., Perrig, A. 2000. Déjà Vu: a user study using images for authentication. In: Proceedings of the 9th Conference on USENIX Security Symposium (Denver, Colorado, August 14--17, 2000), 45--58. Google ScholarDigital Library
- Flores d'Arcais G. 1994. Order of strokes writing as a cue for retrieval in reading chinese characters. In: Europ. Journal of Cognitive Psychology, 6:4, 337--55.Google ScholarCross Ref
- Klein, D. 1990. Foiling the cracker: A survey of, and improvements to, password security. In Proceedings of the 2nd USENIX Security Workshop (Portland, Oregon, August 27, 1990), 5--14.Google Scholar
- Jermyn, I., Mayer, A., Monrose, F., Reiter, M. K., Rubin, A. D. 1999. The design and analysis of graphical passwords. In: Proceedings of the 8th USENIX Security Symposium (Washington, D.C., August 23--26, 1999), 1--14. Google ScholarDigital Library
- Naka, M., Naoi, H. 1995. The effect of repeated writing on memory. In: Memory & Cognition, 23:2.Google Scholar
- Nali, D., Thorpe, J. 2004. Analyzing User Choice in Graphical Passwords. Tech. Report TR-04-01, School of Computer Science, Carleton University, Canada.Google Scholar
- Oorschot, P. v., Thorpe, J. 2008. On predictive models and user-drawn graphical passwords. In: ACM Transactions on Information and System Security (TISSEC) 10:4, 1--33. Google ScholarDigital Library
- Paivio, A., Csapo, K. 1973. Picture Superiority in Free Recall: Imagery or Dual Coding? In: Cognitive Psychology 5, 176--206.Google ScholarCross Ref
- Real User Corporation. PassFaces Personal. http://www.passfaces.com.Google Scholar
- Renaud, K., De Angeli, A. 2004. My password is here! An investigation into visuo-spatial authentication mechanisms. In: Interacting with Computers, 16:6.Google ScholarCross Ref
- Sasse, M. A., Brostoff, S., Weirich, D. 2001. Transforming the 'weakest link': a human--computer interaction approach to usable and effective security. In: BT Technology Journal 19:3, 122--131. Google ScholarDigital Library
- Shadmer, R., Brashers-Krug, T. 1999. Functional Stages in the Formation of Human Long-Term Motor Memory. In: The Journal of Neuroscience, 17:1.Google Scholar
- Standing, L., Conezio, J., Haber, R. N. 1970. Perception and memory for pictures: Single-trial learning of 2500 visual stimuli. In: Psychonomic Science 19:2, 73--74.Google ScholarCross Ref
- Wiedenbeck, S., Waters, J., Birget, J., Brodskiy, A., Memon, N. 2005. PassPoints: Design and longitudinal evaluation of a graphical password system. In: International Journal of Human-Computer Studies (HCI Research in Privacy and Security) 63, 102--127. Google ScholarDigital Library
Index Terms
- PassShapes: utilizing stroke based authentication to increase password memorability
Recommendations
PassShape: stroke based shape passwords
OZCHI '07: Proceedings of the 19th Australasian conference on Computer-Human Interaction: Entertaining User InterfacesAuthentication today mostly means using passwords or personal identification numbers (PINs). The average user has to remember an increasing amount of PINs and passwords. But unfortunately, humans have limited capabilities in remembering abstract ...
A new signature scheme without random oracles
Digital signature is commonly used for authentication of a user or data. In order to ensure the security of a signature scheme, it is important to design a signature scheme with a security proof. In 1999, Gennaro et al. and Cramer et al. respectively ...
Passhint: memorable and secure authentication
CHI '14: Proceedings of the SIGCHI Conference on Human Factors in Computing SystemsPeople find it difficult to remember multiple alphanumeric as well as graphical passwords. We propose a Passhint authentication system (PHAS), where the users have to choose four images and create hints for each one of them in order to register a new ...
Comments