Elizabeth Stobert scite author profile

Abstract-This paper presents an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations. An important usability goal for knowledge-based authentication systems is to support users in selecting passwords of higher security, in the sense of being from an expanded effective security space. We use persuasion to influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more difficult to guess, click-points.

show abstract

Multiple password interference in text passwords and click-based graphical passwords

Chiasson

Forget

Stobert

et al. 2009

127

View full text Add to dashboard Cite

The underlying issues relating to the usability and security of multiple passwords are largely unexplored. However, we know that people generally have difficulty remembering multiple passwords. This reduces security since users reuse the same password for different systems or reveal other passwords as they try to log in. We report on a laboratory study comparing recall of multiple text passwords with recall of multiple click-based graphical passwords. In a one-hour session (short-term), we found that participants in the graphical password condition coped significantly better than those in the text password condition. In particular, they made fewer errors when recalling their passwords, did not resort to creating passwords directly related to account names, and did not use similar passwords across multiple accounts. After two weeks, participants in the two conditions had recall success rates that were not statistically different from each other, but those with text passwords made more recall errors than participants with graphical passwords. In our study, click-based graphical passwords were significantly less susceptible to multiple password interference in the short-term, while having comparable usability to text passwords in most other respects.

show abstract

A First Look at the Usability of Bitcoin Key Management

Eskandari¹,

Barrera²,

Stobert³

et al. 2015

View full text Add to dashboard Cite

Abstract-Bitcoin users are directly or indirectly forced to deal with public key cryptography, which has a number of security and usability challenges that differ from the password-based authentication underlying most online banking services. Users must ensure that keys are simultaneously accessible, resistant to digital theft and resilient to loss. In this paper, we contribute an evaluation framework for comparing Bitcoin key management approaches, and conduct a broad usability evaluation of six representative Bitcoin clients. We find that Bitcoin shares many of the fundamental challenges of key management known from other domains, but that Bitcoin may present a unique opportunity to rethink key management for end users.

show abstract

Memory retrieval and graphical passwords

Stobert

Biddle

2013

View full text Add to dashboard Cite

Graphical passwords are an alternative form of authentication that use images for login, and leverage the picture superiority e↵ect for good usability and memorability. Categories of graphical passwords have been distinguished on the basis of di↵erent kinds of memory retrieval (recall, cued-recall, and recognition). Psychological research suggests that leveraging recognition memory should be best, but this remains an open question in the password literature. This paper examines how di↵erent kinds of memory retrieval a↵ect the memorability and usability of random assigned graphical passwords. A series of five studies of graphical and text passwords showed that participants were able to better remember recognition-based graphical passwords, but their usability was limited by slow login times. A graphical password scheme that leveraged recognition and recall memory was most successful at combining memorability and usability.

show abstract

The Password Life Cycle

Stobert

Biddle

2018

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

Managing passwords is a difficult task for users, who must create, remember, and keep track of large numbers of passwords. In this work, we investigated users’ coping strategies for password management. Through a series of interviews, we identified a “life cycle” of password use and find that users’ central task in coping with their passwords is rationing their effort to best protect their important accounts. We followed up this work by interviewing experts about their password management practices and found that experts rely on the same kinds of coping strategies as non-experts, but that their increased situation awareness of security allows them to better ration their effort into protecting their accounts. Finally, we conducted a survey study to explore how the life cycle model generalizes to the larger population and find that the life cycle and rationing patterns can be seen in the broader population, but that survey respondents were less likely to characterize security management as a challenging task.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.