Pass-Go: A proposal to improve the usability of graphical passwords

International Journal of Network Security

Volumn 7, Issue 2, 2008, Pages 273-292

  Tao, Hai ^a   Adams, Carlisle ^a  

^a UNIVERSITY OF OTTAWA   (Canada)

Author keywords

Dictionary attack; Graphical password; Memorable; Pass Go; Password space

Indexed keywords

DICTIONARY ATTACK; GRAPHICAL PASSWORD; MEMORABLE; PASS-GO; PASSWORD SPACES;

COMPUTER CRIME; MOBILE DEVICES;

AUTHENTICATION;

EID: 77958098545     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (39)

1. F. Attneave, "Symmetry, Information and memory patterns," American Journal of Psychology, vol. 68, pp. 209-222, 1955.
2. J. Birget, D. Hong, and N. Memon, "Robust discretization, with an application to graphical passwords," Cryptology ePrint Archive, Report 2003/168, http://eprint.iacr.org/2003/168, Jan. 29, 2006.
3. G. Blonder, Graphical Passwords, United States Patent 5559961, 1996.
4. G. H. Bower, M. B. Karlin, and A. Dueck, "Comprehension and memory for pictures," Memory and Cognition, vol. 3, pp. 216-220, 1975.
5. S. Brostoff, and M. A. Sasse, 2000, "Are PassfacesTM more usable than passwords? A field trial investigation," Proceedings of Human Computer Interaction, pp. 405-424, 2000.
6. D. Davis, F. Monrose, and M. K. Reiter, "On user choice in graphical password schemes," Proceedings of the 13th USENIX Security Symposium, pp. 151-164, 2004
7. R. Dhamija, and A. Perrig, "D0ej'a Vu: A User study using images for authentication," Proceedings of the 9th USENIX Security Symposium, pp. 45-58, 2000.
8. D. Feldmeier, and P. Karn, "UNIX password security-ten years later," Proceedings of the 19th International Conference on Advances in Cryptology (Crypto '89), LNCS435, pp. 44-63, Springer-Verlag, 1989.
9. J. Goldberg, J. Hagman, and V. Sazawal, "Doodling our way to better authentication," in Conference on Human Factors and Computing Systems, Poster Session: Student Posters, pp. 868-869, 2002.
10. H. Intraub, "Presentation rate and the representation of briefly glimpsed pictures in memory," Journal of Experimental Psychology: Human Learning and Memory, vol. 6, no. 1, pp. 1-12, 1980.
11. W. Jansen, S. Gavrila, V. Korolev, R. Ayers, and R. Swanstrom, Picture Password: A Visual Login Technique for Mobile Devices, NIST Report-NISTIR7030, 2003.
12. I. Jermyn, A. Mayer, F. Monrose, M. K. Reiter, and A. D. Rubin, "The design and analysis of graphical passwords," Proceedings of the 8th USENIX Security Symposium, pp. 1-14, 1999.
13. D. Klein, "Foiling the cracker: A survey of, and improvements to, password security," Proceedings of the 2nd USENIX Security Workshop, pp. 5-14, 1990.
14. F. Monrose, and M. K. Reiter, Graphical passwords, Security and Usability, L. Cranor and S. Garfinkel Edit, O'Reilly, Ch. 9, pp. 147-164, 2005.
15. R. Morris, and K. Thompson, "Password security: A case history," Communications of the ACM, vol. 11, pp. 594-597, 1979.
16. D. Nali, and J. Thorpe, Analyzing User Choice In Graphical Passwords, Technical Report TR-04-01, Carleton University, Canada, 2004.
17. Openwall Project, John The Ripper Password Cracker, Jan. 29, 2006, http://www.openwall.com/jo hn/.
18. Openwall Project, Wordlist, Jan. 29, 2006, http:// www.openwall.com/passwords/wordlists.
19. A. Paivio, T. B. Rogers, and P. C. Smythe, "Why are pictures easier to recall than words?" Psychonomic Science, vol. 11, pp. 137-138, 1968.
20. Passfaces, The science behind passfacesTM for windows, site accessed on Jan. 29, 2006, http:// www.realuser.com/resources/white%20papers.htm.
21. Passlogix, site accessed on Jan. 29, 2006, http: //www.passlogix.com.
22. A. Perrig, and D. Song, "Hash visualization: A new technique to improve real-world security," International Workshop on Cryptographic Techniques and E-Commerce, pp. 131-138, 1999.
23. SFR, site accessed on Jan. 29, 2006, http:// www.viskey.com/tech.html.
24. L. Sobrado, and J. Birget, Graphical Passwords, The Rutgers Scholar, Rutgers University, Camden New Jersey 081024, 2002.
25. L. Standing, "Learning 10,000 pictures," Quarterly Journal of Experimental Psychology, vol. 25, pp. 207-222, 1973.
26. A. Stubblefield, and D. R. Simon, Inkblot Authentication, Microsoft Technical Report MSR-TR-2004-85, 2004.
27. W. C. Summers, and E. Bosworth, "Password policy: The good, the bad, and the ugly," Proceedings of the winter international synposium on Information and communication technologies, pp. 1-6,2004.
28. X. Suo, Y. Zhu, and G. S. Owen, "Graphical passwords: A survey," 21st Annual Computer Security Applications Conference (ACSAC), pp. 463-472, Dec. 5-9, 2005.
29. T. Takada, and H. Koike, "Awase-E: Image-based authentication for mobile phones using user's favorite images," Human-Computer Interaction with Mobile Devices and Services, vol. 2795, pp. 347-351, Springer-Verlag, GmbH, 2003.
30. J. Thorpe, and P. C. Van Oorschot, "Graphical dictionaries and the memorable space of graphical passwords," Proceedings of the 13th USENIX Security Symposium, pp. 135-150, 2004.
31. T. J. Thorpe, and P. C. Van Oorschot, "Towards secure design choices for implementing graphical passwords," Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC), pp. 50- 60, Tucson, USA. Dec. 2004.
32. C. S. Tsai, C. C. Lee, and M. S. Hwang, "Password authentication schemes: Current status and key issues," International Journal of Network Security, vol. 3, no. 2, pp. 101-115, Sep. 2006.
33. USGO, A Very Brief History of Go, site accessed on Jan 20, 2006, http://www.usgo.org/resources/gohistory.asp.
34. USGO, Top Ten Reasons to Play Go, site accessed on Jan. 20, 2006, http://www.usgo.org/resources/topten.asp.
35. P. C. V. Oorschot, and J. Thorpe, On The Security of Graphical Password Schemes, Technical Report TR-05-12, Carleton University, Canada, 2005.
36. S. Wiedenbeck, J. Waters, J. Birget, A. Brodskiy, and N. Memon, "PassPoints: Design and longitu-dinal evaluation of a graphical password system," International Journal of Human-Computer Studies (Special Issue on HCI Research in Privacy and Security), vol. 63, pp. 102-127, 2005.
37. T. Wu, "A real-world analysis of kerebros password security," Proceedings of the 1999ISOC Symposium on Network and Distributed System Security, vol. 8, pp. 723-736, 1990.
38. J. Yan, A. Blackwell, R. Aanderson, and A.Grant, The Memorability and Security of Passwords - Some Empirical Results, Technical Report, no. 500, Computer Laboratory, University of Cambridge, 2000.
39. J. Yan, "A note on proactive password checking," ACM New Security Paradigms Workshop, pp. 127- 135, New Mexico, USA, 2001