A closer look at recognition-based graphical passwords on mobile devices

ACM International Conference Proceeding Series

Volumn , Issue , 2010, Pages

  Dunphy, Paul ^a   Heiner, Andreas P ^b   Asokan, N ^b  

^a NEWCASTLE UNIVERSITY   (United Kingdom)

^b NOKIA RESEARCH CENTER   (United States)

Author keywords

Graphical passwords; Mobile devices; Shoulder surfing

Indexed keywords

ALPHANUMERIC PASSWORDS; APPLICATION DOMAINS; DEPLOYABILITY; DESIGN DECISIONS; FIRST LOOK; GRAPHICAL PASSWORD; HIGH POTENTIAL; HUMAN TESTING; IMAGE PROCESSING TECHNIQUE; LOG-IN DURATIONS; LOW ENTROPY; MEMORY RETENTION; PERSONAL DEVICES; SHOULDER SURFING; USER EVALUATIONS;

ENTROPY; FILTRATION; IMAGE PROCESSING; MOBILE DEVICES; MOBILE TELECOMMUNICATION SYSTEMS; PHOTOGRAPHY; PORTABLE EQUIPMENT;

SECURITY OF DATA;

EID: 77956257835     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1837110.1837114     Document Type: Conference Paper

References (40)

1. A. D. Angeli, L. Coventry, G. Johnson, and K. Renaud. Is a picture really worth a thousand words? exploring the feasibility of graphical authentication systems. Int. J. Hum.-Comput. Stud., 63(1-2):128-152, 2005.
2. S. Brostoff and A. Sasse. Are Passfaces more usable than passwords? A field trial investigation. In HCI 2000: Proceedings of People and Computers XIV - Usability or Else, pages 405-424. Springer, 2000.
3. A. P. Bryan Parno, Cynthia Kuo. Phoolproof phishing prevention. In Financial Cryptography, volume 4107 of Lecture Notes in Computer Science, pages 1-19. Springer, February 2006.
4. J. Canny. A computational approach to edge detection. IEEE Trans. Pattern Anal. Mach. Intell., 8(6):679-698, 1986.
5. S. Chiasson, R. Biddle, and P. C. van Oorschot. A second look at the usability of click-based graphical passwords. In SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security, pages 1-12, New York, NY, USA, 2007. ACM.
6. N. Clarke and S. Furnell. Authentication of users on mobile telephones - a survey of attitudes and practices. Computers and Security, 24(7):519 - 527, 2005.
7. D. Davis, F. Monrose, and M. K. Reiter. On user choice in graphical password schemes. In SSYM'04: Proceedings of the 13th conference on USENIX Security Symposium, Berkeley, CA, USA, 2004. USENIX Association.
8. R. Dhamija and A. Perrig. Déjà Vu: a user study using images for authentication. In SSYM'00: Proceedings of the 9th conference on USENIX Security Symposium, Berkeley, CA, USA, 2000. USENIX Association.
9. A. E. Dirik, N. Memon, and J.-C. Birget. Modeling user choice in the PassPoints graphical password scheme. In SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security, pages 20-28, New York, NY, USA, 2007. ACM.
10. J. Duncan and G. W. Humphreys. Visual search and stimulus similarity. Psychological review, 96(3):433-458, July 1989.
11. P. Dunphy, J. Nicholson, and P. Olivier. Securing Passfaces for Description. In SOUPS '08: Proceedings of the 3rd symposium on Usable privacy and security, New York, NY, USA, 2008. ACM.
12. P. Dunphy and J. Yan. Is FacePIN secure and usable? In SOUPS '07: Proceedings of the 3rd symposium on Usable privacy and security, pages 165-166, New York, NY, USA, 2007. ACM.
13. K. M. Everitt, T. Bragin, J. Fogarty, and T. Kohno. A comprehensive study of frequency, interference, and training of multiple graphical passwords. In CHI '09: Proceedings of the 27th international conference on Human factors in computing systems, pages 889-898, New York, NY, USA, 2009. ACM.
14. J. Flatley. Mobile phone theft, plastic card and identity fraud: Findings from the 2005/06 british crime survey. Home Office Statistical Bulletin, 2005.
15. P. Golle and D. Wagner. Cryptanalysis of a cognitive authentication scheme (extended abstract). In SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 66-70, Washington, DC, USA, 2007. IEEE Computer Society.
16. V. Harrington and P. Mayhew. Mobile phone theft. Home Office Research Study 235, 2001.
17. E. Hayashi, R. Dhamija, N. Christin, and A. Perrig. Use your illusion: secure authentication usable anywhere. In SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security, pages 35-45, New York, NY, USA, 2008. ACM.
18. L. N. Hoang, P. Laitinen, and N. Asokan. Secure roaming with identity metasystems. In IDtrust 2008, Proceedings of the 7th Symposium on Identity and Trust on the Internet, pages 36-47, March 2008.
19. Ian Jermyn and Alain Mayer and Fabian Monrose and Michael K. Reiter and Aviel D. Rubin. The design and analysis of graphical passwords. In SSYM'99: Proceedings of the 8th Conference on USENIX Security Symposium, Berkeley, CA, USA, 1999. USENIX Association.
20. A. K. Karlson, A. B. Brush, and S. Schechter. Can i borrow your phone?: understanding concerns when sharing mobile phones. In CHI '09: Proceedings of the 27th international conference on Human factors in computing systems, pages 1647-1650, New York, NY, USA, 2009. ACM.
21. D. Kim, P. Dunphy, P. Briggs, J. Hook, J. Nicholson, J. Nicholson, and P. Olivier. Multi-touch authentication on tabletops. In CHI '10: Proceedings of the 28th international conference on Human factors in computing systems, pages 1093-1102, New York, NY, USA, 2010. ACM.
22. J. Kjeldskov, M. B. Skov, B. S. Als, and R. T. Høegh. Is it worth the hassle? exploring the added value of evaluating the usability of context-aware mobile systems in the field. In Mobile HCI, pages 61-73. Springer-Verlag, 2004.
23. D. V. Klein. "foiling the cracker" - A survey of, and improvements to, password security. In Proceedings of the second USENIX Workshop on Security, pages 5-14, 1990.
24. C. M. Nielsen, M. Overgaard, M. B. Pedersen, J. Stage, and S. Stenild. It's worth the hassle!: the added value of evaluating the usability of mobile systems in the field. In NordiCHI '06: Proceedings of the 4th Nordic conference on Human-computer interaction, pages 272-280, New York, NY, USA, 2006. ACM.
25. Passfaces Corporation. The Science Behind Passfaces. Company white paper.
26. T. Pering, M. Sundar, J. Light, and R. Want. Photographic authentication through untrusted terminals. IEEE Pervasive Computing, 2(1):30-36, 2003.
27. K. Renaud and E. Olsen. Dynahand: Observation-resistant recognition-based web authentication. Technology and Society Magazine, IEEE, 26(2):22-31, Summer 2007.
28. Y. Rogers, K. Connelly, L. Tedesco, W. Hazlewood, A. Kurtz, R. Hall, J. Hursey, and T. Toscos. Why it's worth the hassle: The value of in-situ studies when designing ubicomp. pages 336-353, 2007.
29. M. A. Sasse, S. Brostoff, and D. Weirich. Transforming the 'Weakest Link' - a Human/Computer Interaction Approach to Usable and Effective Security. BT Technology Journal, 19(3):122-131, 2001.
30. W. Schneider and R. M. Shiffrin. Controlled and automatic human information processing: I. detection, search, and attention. Psychological Review, 84:1-66, 1977.
31. R. Shepard. Recognition memory for words, sentences and pictures. Journal of Verbal Learning and Verbal Behavior, 6:156-163, 1967.
32. Sourceforge. 'perceptualdiff' (2008) last accessed 02/12/2008. http://pdiff.sourceforge.net/.
33. X. Suo, Y. Zhu, and G. S. Owen. Graphical Passwords: A Survey. In ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference, pages 463-472, Washington, DC, USA, 2005. IEEE Computer Society.
34. T. Takada, T. Onuki, and H. Koike. Awase-e: Recognition-based image authentication scheme using users' personal photographs. Innovations in Information Technology, 2006, pages 1-5, Nov. 2006.
35. J. Thorpe and P. V. Oorschott. Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. In 16th USENIX Security Symposium, Aug. 6-10, 2007.
36. T. S. Tullis and D. P. Tedesco. Using personal photos as pictorial passwords. In CHI '05: CHI '05 extended abstracts on Human factors in computing systems, pages 1841-1844, New York, NY, USA, 2005. ACM.
37. E. Uzun, K. Karvonen, and N. Asokan. Usability analysis of secure pairing methods. In Proceedings of the Usable Security 2007 (USEC 07) Workshop, volume 4886 of Lecture Notes in Computer Science, pages 307-324, Lowlands, Scarborough, Trinidad/Tobago, February 2007. Springer.
38. J. Z. Wang, J. Li, and G. Wiederhold. Simplicity: Semantics-sensitive integrated matching for picture libraries. IEEE Transactions on Pattern Analysis and Machine Intelligence, 23:947-963, 2001.
39. D. Weinshall. Cognitive authentication schemes safe against spyware (short paper). In SP '06: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pages 295-300, Washington, DC, USA, 2006. IEEE Computer Society.
40. S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon. PassPoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum.-Comput. Stud., 63(1-2):102-127, 2005.