Graphical Passwords -- A Discussion

Kayem, Anne V. D. M.

doi:10.1109/waina.2016.31

Cited by 14 publications

(21 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another alternative to alphanumeric passwords is graphical passwords [ 8 , 11 , 22 ]. There has been a degree of consensus regarding their viability, with a minor agreement that they outperform alphanumeric passwords [ 8 , 11 , 22 ]. Graphical passwords are typically sorted into three categories; recall, cued-recall, and recognition.…”

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

“…Graphical passwords are typically sorted into three categories; recall, cued-recall, and recognition. Methodology can range from drawing an image (e.g., a signature), clicking or ordering images, selecting points on a given image, or various other graphical methods [ 22 ]. Often these systems rely on highly specific software dependencies which are not always viable for wider implementation.…”

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

“…Often these systems rely on highly specific software dependencies which are not always viable for wider implementation. While graphical passwords may circumvent many issues native to alphanumeric passwords—such as brute-forcing, key-logging, and dictionary cyber-attacks—through its introduction of CAPTCHA-based elements, graphical passwords introduce their own set of native issues [ 8 , 11 , 17 , 22 , 23 , 24 , 25 ]. Primarily, deployability of graphical passwords is a continuous topic of debate; while it is usually accepted for ease of implementation on mobile devices, their implementation on web browsers or desktop systems has received scrutiny [ 8 ].…”

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

See 2 more Smart Citations

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Obaidat

Brown

Obeidat

et al. 2020

Sensors

View full text Add to dashboard Cite

A significant percentage of security research that is conducted suffers from common issues that prevent wide-scale adoption. Common snags of such proposed methods tend to include (i) introduction of additional nodes within the communication architecture, breaking the simplicity of the typical client–server model, or fundamental restructuring of the Internet ecosystem; (ii) significant inflation of responsibilities or duties for the user and/or server operator; and (iii) adding increased risks surrounding sensitive data during the authentication process. Many schemes seek to prevent brute-forcing attacks; they often ignore either partially or holistically the dangers of other cyber-attacks such as MiTM or replay attacks. Therefore, there is no incentive to implement such proposals, and it has become the norm instead to inflate current username/password authentication systems. These have remained standard within client–server authentication paradigms, despite insecurities stemming from poor user and server operator practices, and vulnerabilities to interception and masquerades. Besides these vulnerabilities, systems which revolve around secure authentication typically present exploits of two categories; either pitfalls which allow MiTM or replay attacks due to transmitting data for authentication constantly, or the storage of sensitive information leading to highly specific methods of data storage or facilitation, increasing chances of human error. This paper proposes a more secure method of authentication that retains the current structure of accepted paradigms, but minimizes vulnerabilities which result from the process, and does not inflate responsibilities for users or server operators. The proposed scheme uses a hybrid, layered encryption technique alongside a two-part verification process, and provides dynamic protection against interception-based cyber-attacks such as replay or MiTM attacks, without creating additional vulnerabilities for other attacks such as bruteforcing. Results show the proposed mechanism outperforms not only standardized methods, but also other schemes in terms of deployability, exploit resilience, and speed.

show abstract

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

Section: Related Work and Significance Of This Studymentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Obaidat

Brown

Obeidat

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…Other usability drawbacks of this scheme are to scan multiple images to identify a few preselected images for the password, which is considered as a time-consuming process. 8 In pure-recall based authentication system, users have to reproduce or draw something as their password. Pure-recall based schemes address the drawbacks of recognition based schemes but are prone to errors when a stylus is not used.…”

Section: Introductionmentioning

confidence: 99%

“…6,9 The recall-based systems are less vulnerable to dictionary, brute-force and social engineering attacks than text-based passwords because imitating human inputs by automatically generating mouse motions is difficult. 8 However, the problem with pure-recall based schemes is the users can hardly remember the sequence of drawing after a period. Additionally, it is challenging to reproduce the drawing same as the original password.…”

Section: Introductionmentioning

confidence: 99%

Graphical passwords: Behind the attainment of goals

Vaddeti

Vidiyala

Puritipati

et al. 2020

Security and Privacy

View full text Add to dashboard Cite

Graphical authentication methods have emerged as an alternative to the conventional authentication methods over the past couple of decades. One of the most popular among types of graphical authentication methods is recognition-based authentication, where the user taps on pass images from one or more challenge sets of images in order to authenticate. The study of existing graphical authentication systems shows that several of them compromise their security while making the method simpler, which could lead to perpetration of numerous attacks like guessing, hidden camera, smudge, shoulder surfing, and many other. Furthermore, a few of them sacrifice performance while targeting security alone. Yet, this paper proposes a new method that resists the aforementioned attacks with good performance, while preserving the benefits of graphical passwords such as ease of use and increased memorability.

show abstract

Balancing Usability and Security of Graphical Passwords

Lapin

Šiurkus

2022

Digital Interaction and Machine Intelligence

View full text Add to dashboard Cite

Although most widely used authentication involves characters as passwords, but secure text-based passwords are complex and difficult to remember. Users want to have easy to remember passwords, but these are vulnerable to various kinds of attacks and are predictable. To address these problems, graphical passwords that involve selection of images and drawing lines have been proposed. The encoded images support creation of secure passwords and facilitate their memorability. Thus, they are considered as an alternative to strengthen password security while preserving usability because secure textual passwords become more complicated to use. The research addresses the issue of improving the user experiences during graphical authentication. This paper examines cued recall-based, pure recall-based and recognition-based approaches. The proposed scheme is based on recognition-based scheme that is selected as the least vulnerable to various attacks. The solution is currently under development, two qualitative usability testing sessions are performed and the participants’ feedback is discussed.

show abstract

Graphical Passwords -- A Discussion

Cited by 14 publications

References 13 publications

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication

Graphical passwords: Behind the attainment of goals

Balancing Usability and Security of Graphical Passwords

Contact Info

Product

Resources

About