Privacy, Security, and Trust
Published in Julie A. Jacko, The Human–Computer Interaction Handbook, 2012
John Karat, Clare-Marie Karat, Carolyn Brodie
Others have taken up the challenge of providing usable passwords through nontext password schemes. For example, Monrose and Reiter (2005) provide an analysis of graphical passwords. As with text passwords, graphical passwords might be selected by the user (possibly enhancing usability but perhaps decreasing security) or selected by the system (enhancing security at the cost of usability). Although there is certainly ample evidence that people exhibit powerful memory for images (e.g., Mandler 1991), it is not completely clear that this translates easily into a superior password mechanism. Results from Monrose and Reiter demonstrate that graphical password schemes can suffer from drawbacks similar to those of textual schemes. People tend to select memorable graphical passwords, enabling them to be more easily attacked, and random graphical figures can be more secure but also more difficult to recall.
On improving the memorability of system-assigned recognition-based passwords
Published in Behaviour & Information Technology, 2022
Mahdi Nasrullah Al-Ameen, Sonali T. Marne, Kanis Fatema, Matthew Wright, Shannon Scielzo
The user is asked to reproduce a drawing in this category of graphical passwords. In Draw-a-Secret (DAS), a user draws on top of a grid, and the password is represented as the sequence of grid squares (Mayer et al. 1999). Nali and Thorpe (2004) have shown that users choose predictable patterns in DAS that include drawing symmetric images with 1–3 pen strokes, using grid cell corners and lines (presumably as points of reference), and placing their drawing approximately in the centre of the grid. BDAS (Dunphy and Yan 2007) intends to reduce the amount of symmetry in the user's drawing by adding background images, but this may introduce other predictable behaviours such as targeting similar areas of the images or image-specific patterns (Biddle, Chiasson, and Van Oorschot 2012). DAS and BDAS have recall rates of no higher than .
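The encoding step of Draw-a-Secret, as the excerpt describes it, is easy to model: a drawing is reduced to the ordered list of grid cells each stroke passes through, with a marker between strokes. The block below is an added illustration, not code from the cited papers; the 5 × 5 grid, the out-of-range pen-up marker and the weak-pattern heuristics (few strokes, mirror symmetry about the vertical axis, echoing the Nali and Thorpe findings) are assumptions chosen for the example. It also shows why two drawings sampled at different rates still yield the same secret.

```python
"""Draw-a-Secret (DAS) style encoding of a grid drawing, plus a simple
enrollment-time check for the predictable patterns the text mentions.
Added example; grid size, pen-up marker and heuristics are assumptions."""
from typing import List, Optional, Tuple

GRID = 5                 # assumed 5 x 5 grid
PEN_UP = (GRID, GRID)    # assumed out-of-range cell marking the end of a stroke
Point = Tuple[float, float]
Cell = Tuple[int, int]


def point_to_cell(p: Point, cell_size: float = 1.0) -> Cell:
    """Map a canvas coordinate to the (col, row) grid cell containing it."""
    col = min(int(p[0] // cell_size), GRID - 1)
    row = min(int(p[1] // cell_size), GRID - 1)
    return (col, row)


def encode_das(strokes: List[List[Point]], cell_size: float = 1.0) -> List[Cell]:
    """Encode strokes as the sequence of grid cells crossed.

    Consecutive samples in the same cell collapse to one entry, so the secret
    depends on the path through the grid rather than on sampling rate or exact
    pixel positions. Each stroke is terminated with PEN_UP.
    """
    secret: List[Cell] = []
    for stroke in strokes:
        last: Optional[Cell] = None
        for p in stroke:
            cell = point_to_cell(p, cell_size)
            if cell != last:
                secret.append(cell)
                last = cell
        secret.append(PEN_UP)
    return secret


def stroke_count(secret: List[Cell]) -> int:
    """Number of pen strokes in an encoded secret."""
    return secret.count(PEN_UP)


def is_mirror_symmetric(secret: List[Cell]) -> bool:
    """True if the set of visited cells is symmetric about the vertical axis
    (assumed heuristic for the 'symmetric images' pattern)."""
    cells = {c for c in secret if c != PEN_UP}
    mirrored = {(GRID - 1 - col, row) for col, row in cells}
    return cells == mirrored


def weak_pattern_warnings(secret: List[Cell]) -> List[str]:
    """Warnings a defender could show at enrollment for predictable drawings."""
    warnings = []
    if stroke_count(secret) <= 3:
        warnings.append("few strokes (1-3)")
    if is_mirror_symmetric(secret):
        warnings.append("mirror-symmetric drawing")
    return warnings


if __name__ == "__main__":
    # Constructed drawing: one horizontal line across the top row.
    line = [[(0.5, 0.5), (1.5, 0.5), (2.5, 0.5), (3.5, 0.5), (4.5, 0.5)]]
    secret = encode_das(line)
    print(secret, weak_pattern_warnings(secret))
```

The warnings are a usability-side mitigation: the scheme still accepts the drawing, but the user learns at enrollment that a one-stroke symmetric figure sits in the small region of the drawing space that predictable-pattern guessing would try first.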
A Human-Cognitive Perspective of Users’ Password Choices in Recognition-Based Graphical Authentication
Published in International Journal of Human–Computer Interaction, 2019
Christina Katsini, Christos Fidas, Marios Belk, George Samaras, Nikolaos Avouris
We used the recognition-based GUA scheme designed by Belk et al. (2017a), which is depicted in Figure 1. This mechanism was designed and developed based on the guidelines of well-cited recognition-based GUA mechanisms, such as DejaVu (Dhamija & Perrig, 2000), PassFaces (Brostoff & Sasse, 2000), and ImagePass (Mihajlov & Jerman-Blažič, 2011). During user enrollment, the user is presented with a total of 120 images of objects in a single screen in a 9 × 14 image grid. The images cannot be sorted or replaced and no adding or removing images is permitted. Each image can only be used once in a graphical password. The use of single-object images was based on recent research revealing that these are more memorable than faces and abstract images (Chowdhury, Poet, & Mackenzie, 2013; Mihajlov & Jerman-Blažič, 2011). To log in, the user is provided with a set of 25 images which includes the 5 images selected by the user and a set of 20 decoy images. The decoy images are randomly selected after the password creation from the remaining images; they are shuffled with the five images of the password and randomly positioned on the login grid, counterbalancing the security aspect of the login stage (Belk et al., 2017a).
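The enrollment and login flow described above, modelled as an added example (not the Belk et al. implementation): 120 single-object images on the enrollment grid, a password of exactly 5 distinct images, and a login challenge of those 5 plus 20 decoys drawn from the remaining images and shuffled. The image identifiers are constructed, and the use of a system CSPRNG for decoy selection and shuffling is an assumption; the `guess_space` function compares the size of one challenge (5 of 25) with the full password space (5 of 120), which is the security trade-off the excerpt refers to.

```python
"""Model of a recognition-based graphical authentication flow: enrollment
grid of 120 images, 5-image password, 25-image login challenge with 20 decoys.
Added illustration; image ids are constructed and RNG handling is assumed."""
import secrets
from math import comb
from typing import FrozenSet, List, Optional

ENROLL_IMAGES = 120
PASSWORD_LEN = 5
CHALLENGE_SIZE = 25
DECOYS = CHALLENGE_SIZE - PASSWORD_LEN

# Constructed identifiers standing in for the 120 single-object pictures.
IMAGE_POOL = [f"img{i:03d}" for i in range(ENROLL_IMAGES)]


def enrollment_error(chosen: List[str]) -> Optional[str]:
    """Return why a selection is invalid, or None if it is acceptable."""
    if len(chosen) != PASSWORD_LEN:
        return "password must contain exactly 5 images"
    if len(set(chosen)) != PASSWORD_LEN:
        return "each image may be used only once"
    unknown = set(chosen) - set(IMAGE_POOL)
    if unknown:
        return f"images not on the enrollment grid: {sorted(unknown)}"
    return None


def enroll(chosen: List[str]) -> FrozenSet[str]:
    """Validate the user's 5 picks and store them as an unordered set."""
    err = enrollment_error(chosen)
    if err:
        raise ValueError(err)
    return frozenset(chosen)


def build_challenge(password: FrozenSet[str], rng=None) -> List[str]:
    """Login grid: the password images plus 20 decoys drawn from the remaining
    115 images, shuffled so that position on the grid carries no signal."""
    rng = rng or secrets.SystemRandom()
    remaining = [img for img in IMAGE_POOL if img not in password]
    grid = list(password) + rng.sample(remaining, DECOYS)
    rng.shuffle(grid)
    return grid


def verify(password: FrozenSet[str], challenge: List[str], selection: List[str]) -> bool:
    """Accept only a 5-image selection, taken from the grid shown, that
    equals the enrolled password."""
    if len(selection) != PASSWORD_LEN or len(set(selection)) != PASSWORD_LEN:
        return False
    if not set(selection) <= set(challenge):
        return False
    return frozenset(selection) == password


def guess_space():
    """(choices for one blind guess on a single challenge,
        choices over the whole enrollment grid)."""
    return comb(CHALLENGE_SIZE, PASSWORD_LEN), comb(ENROLL_IMAGES, PASSWORD_LEN)


if __name__ == "__main__":
    pw = enroll(IMAGE_POOL[:5])
    grid = build_challenge(pw)
    print(len(grid), verify(pw, grid, list(pw)), guess_space())
```

Because the challenge always contains the password, an attacker who can see the grid needs only to pick the right 5 of 25 rather than 5 of 120; the random decoys and shuffling are what keep repeated observations of the login screen from narrowing that set further, which is why the number of attempts per challenge has to be rate-limited in a scheme of this shape.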