Design and evaluation of a shoulder-surfing resistant graphical password scheme

Proceedings of the Workshop on Advanced Visual Interfaces

Volumn 2006, Issue , 2006, Pages 177-184

  Wiedenbeck, Susan ^a   Waters, Jim ^a   Sobrado, Leonardo ^b   Birget, Jean Camille ^b  

^a DREXEL UNIVERSITY   (United States)

^b RUTGERS UNIVERSITY   (United States)

Author keywords

Authentication; Convex hull click scheme; Graphical passwords; Password security; Shoulder surfing; Usable security

Indexed keywords

AUTHENTICATION; COMPUTER CRIME; GRAPHIC METHODS; SECURITY OF DATA; USER INTERFACES;

CONVEX HULL CLICK SCHEME; GRAPHICAL PASSWORDS; PASSWORD SECURITY; SHOULDER-SURFING; USABLE SECURITY;

SECURITY SYSTEMS;

EID: 34247167942     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1133265.1133303     Document Type: Conference Paper

References (21)

1. Adams, A. and Sasse, M.A. Users are not the enemy. CACM 42, 12 (1999), 41-46.
2. Brostoff, S. and Sasse, M.A. Are Passfaces more usable than passwords: A field trial investigation. In McDonald S., et al. (Eds.), People and Computers XIV - Usability or Else, Proc. of HCI2000, Springer, 2000, 405-424.
3. Brown, A.S., Bracken, E., Zoccoli, S. and Douglas, K. Generating and remembering passwords. Applied Cognitive Psychology, 18, (2004), 641-651.
4. Davis, D., Monrose, F., and Reiter, M.K. On user choice in graphical password schemes. In Proc. of the 13th USENIX Security Symposium, San Diego, 2004.
5. De Angeli, A., Coutts, M., Coventry, L., Cameron, D., Johnson, G.I., and Fischer, M. VIP: A visual approach to user authentication. In Proc. of AVI 2002, ACM Press, NY, 2002, 316-323.
6. De Angeli, A., Coventry, L., Johnson, G., and Renaud, K. Is a picture worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies, 63, 1-2 (2005), 128-152.
7. Deci, E.L. Intrinsic Motivation, Plenum, New York, 1975.
8. Dhamija, R. Hash visualization in user authentication. In Proc. of CHI 2000, ACM Press, NY, 2002, 279-280.
9. Dhamija, R. and Perrig, A. Déjà Vu: User study using images for authentication. In Ninth Usenix Security Symposium, 2000.
10. Feldmeier, D. C. and Kam, P. R. UNIX password security -ten years later. In Advances in Cryptography - CRYPTO '89, Lecture Notes in Computer Science 435, Springer-Verlag 1990, 44-63.
11. Ives, B., Walsh, K. R., and Schneider, H. 2004. The domino effect of password reuse. CACM, 47,4 (2004), 76-78.
12. Lepper, M.R. and Malone, T.W. Intrinsic motivation and instructional effectiveness in computer-based education. In R. E. Snow and M. J. Farr (Eds.), Aptitude, Learning, and Instruction, Lawrence Erlbaum, Hillsdale, NJ, 1987, 255-286.
13. Morris, R. and Thompson, K. Password security: A case study. CACM, 22, (1979), 594-597.
14. Norman, D.A. The Design of Everyday Things. Basic Books, New York, 1988.
15. Roth, V., Richter, K., and Freidinger, R. A PIN-entry method resilient against shoulder-surfing. Proc. of the 11th ACM Conference on Computer and Communications Security, 2004, 236-245.
16. Giblin, P. Identities snatched in blink of eye. http://www.sachitechcops. org/news012604.htm.Accessed December 9, 2005.
17. Sasse, M. A., Brostoff, S. and Weirich, D. Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technical Journal, 19, (2001), 122-131.
18. Shoulder-surfing gets secret numbers on tape. http://www.wftv.com/money/ 3964515/detail.html. Accessed December 9, 2005.
19. Sobrado, L. and Birget, J.C. Graphical passwords. The Rutgers Scholar, 4, (Sept. 2002). http://RutgersScholar.rutgers.edu/volume04/sobrbirg/sobrbirg.htm.
20. Wagstaff, J. Shoulder-surfing: the old new phishing. http://loosewire. typepad.com/blog/2005/04/shoulder_surfin.html. Accessed December 9, 2005.
21. Wiedenbeck, S., Waters, J., Birget, J.C., Brodskiy, A., and Memon, N. PassPoints: design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies, 63, (2005), 102-127