Multiple password interference in text passwords and click-based graphical passwords

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2009, Pages 500-511

  Chiasson, Sonia ^a   Forget, Alain ^a   Stobert, Elizabeth ^a   Van Oorschot, P C ^a   Biddle, Robert ^a  

^a CARLETON UNIVERSITY   (Canada)

Author keywords

Authentication; Graphical passwords; Multiple password interference; Usable security

Indexed keywords

GRAPHICAL PASSWORD; LABORATORY STUDIES; MULTIPLE PASSWORD INTERFERENCE; TEXT PASSWORD; USABILITY AND SECURITY; USABLE SECURITY;

AUTHENTICATION; ERRORS;

NETWORK SECURITY;

EID: 74049149728     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1653662.1653722     Document Type: Conference Paper

References (40)

1. A. Adams and M. Sasse. Users are not the enemy. Communication of the ACM, 42(12):41-46, 1999.
2. M. Anderson and J. Neely. Memory. Handbook of Perception and Cognition, chapter 8: Interference and inhibition in memory retrieval, pages 237-313. Academic Press, 2nd edition, 1996.
3. G. Blonder. Graphical passwords. United States Patent 5,559,961, 1996.
4. I. Britton. Freefoto website. http://www.freefoto, accessed February 2007.
5. B. Burstein, L. Bank, and L. Jarvik. Sex differences in cognitive functioning: Evidence, determinants, implications. Human Development, 23:289-313, 1980.
6. S. Chiasson, R. Biddle, and P. C. van Oorschot. A second look at the usability of click-based graphical passwords. In 3rd Symposium on Usable Privacy and Security (SOUPS), July 2007.
7. nd British HCI Group Annual Conference on HCI. British Computer Society, September 2008.
8. S. Chiasson, A. Forget, R. Biddle, and P. C. van Oorschot. User interface design affects security: Patterns in click-based graphical passwords. International Journal of Information Security, 8(5), 2009.
9. S. Chiasson, P. C. van Oorschot, and R. Biddle. A usability study and critique of two password managers. In 15th USENIX Security Symposium, August 2006.
10. L. Cranor and S. Garfinkel. Security and Usability: Designing Systems that People Can Use. O'Reilly Media, edited collection edition, 2005.
11. D. Davis, F. Monrose, and M. Reiter. On user choice in graphical password schemes. In 13th USENIX Security Symposium, August 2004.
12. S. Designer. John the Ripper password cracker. http://www.openwall.com/ john/.
13. A. Dirik, N. Menon, and J. Birget. Modeling user choice in the Passpoints graphical password scheme. In 3rd ACM Conference on Symposium on Usable Privacy and Security (SOUPS), July 2007.
14. K. Everitt, T. Bragin, J. Fogarty, and T. Kohno. A comprehensive study of frequency, interference, and training of multiple graphical passwords. In ACM Conference on Human Factors in Computing Systems (CHI), April 2009.
15. D. Florencio and C. Herley. A large-scale study of WWW password habits. In 16th ACM International World Wide Web Conference (WWW), May 2007.
16. A. Forget, S. Chiasson, P. C. van Oorschot, and R. Biddle. Improving text passwords through persuasion. In 4th Symposium on Usable Privacy and Security (SOUPS), July 2008.
17. Free Images.com. Free Image website. http://www.freeimages.com, accessed February 2008.
18. S. Gaw and E. Felten. Password management strategies for online accounts. In 2nd Symposium On Usable Privacy and Security (SOUPS), July 2006.
19. E. Goldstein. Cognitive Psychology. Wadsworth Publishing, 2006.
20. K. Golofit. Click passwords under investigation. In 12th European Symposium On Research In Computer Security (ESORICS), Springer LNCS 4734, September 2007.
21. S. Komanduri and D. Hutchings. Order and entropy in Picture Passwords. In Graphics Interface Conference (GI), May 2008.
22. R. S. Lockhart. The Oxford Handbook of Memory, chapter 3: Methods of Memory Research, pages 45-57. Oxford University Press: New York, NY, 2000.
23. P. A. Lowe, J. W. Mayfield, and C. R. Reynolds. Gender differences in memory test performance among children and adolescents. Archives of Clinical Neuropsychology, 18:865-878, 2003.
24. S. Madigan. Chapter 3: Picture memory. In J. Yuille, editor, Imagery, Memory, and Cognition: Essays in Honor of Allan Paivio, chapter 3. Picture Memory, pages 65-89. Lawrence Erlbaum Associates, 1983.
25. W. Moncur and G. Leplatre. Pictures at the ATM: Exploring the usability of multiple graphical passwords. In ACM Conference on Human Factors in Computing Systems (CHI), April 2007.
26. F. Monrose and M. Reiter. Graphical passwords. In L. Cranor and S. Garfinkel, editors, Security and Usability: Designing Secure Systems That People Can Use, chapter 9, pages 157-174. O'Reilly, 2005.
27. PD Photo. PD Photo website. http://pdphoto.org, accessed February 2007.
28. M. Peters. Revised Vandenberg & Kuse Mental Rotations Tests: forms MRT-A to MRT-D. Technical report, Department of Psychology, University of Guelph, 1995.
29. K. Renaud. Evaluating authentication mechanisms. In L. Cranor and S. Garfinkel, editors, Security and Usability: Designing Secure Systems That People Can Use, chapter 6, pages 103-128. O'Reilly Media, 2005.
30. A. Salehi-Abari, J. Thorpe, and P. C. van Oorschot. On purely automated attacks and click-based graphical passwords. In 24th Annual Computer Security Applications Conference (ACSAC), 2008.
31. L. Standing, J. Conezio, and R. Haber. Perception and memory for pictures: Single-trial learning of 2500 visual stimuli. Psychonomic Science, 19(2):73-74, 1970.
32. X. Suo, Y. Zhu, and G. Owen. Graphical passwords: A survey. In Annual Computer Security Applications Conference (ACSAC), December 2005.
33. J. Thorpe and P. C. van Oorschot. Human-seeded attacks and exploiting hot-spots in graphical passwords. In 16th USENIX Security Symposium, August 2007.
34. E. Tulving and Z. Pearlstone. Availability versus accessibility of information in memory for words. Journal of Verbal Learning and Verbal Behavior, 5:381-391, 1966.
35. M. van Lieshout and A. Baddeley. A nonparametric measure of spatial interaction in point patterns. Statistica Neerlandica, 50(3):344-361, 1996.
36. K.-P. L. Vu, R. Proctor, A. Bhargav-Spantzel, B.-L. Tai, J. Cook, and E. Schultz. Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies, 65:744-757, 2007.
37. A. Whitten and J. Tygar. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In 8th USENIX Security Symposium, Washington, D.C., August 1999.
38. S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon. Authentication using graphical passwords: Basic results. In 11th International Conference on Human-Computer Interaction (HCI International), 2005.
39. S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon. PassPoints: Design and longitudinal evaluation of a graphical password system. International Journal of Human-Computer Studies, 63(1-2):102-127, 2005.
40. S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon. Authentication using graphical passwords: Effects of tolerance and image choice. In 1st Symposium on Usable Privacy and Security (SOUPS), July 2005.