HCI and security systems

Patrick, Andrew S.; Long, Allen; Flinn, Scott

doi:10.1145/765891.766146

Cited by 50 publications

(18 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Some particular colors (e.g., red) also attract our attention, especially if there is a high contrast between the region's color and the background color. Finally, many studies have shown that users generally focus on people in a scene, and in particular on the eyes, mouth and hands [20,21,29]. In order to compute the focus of attention map for an image, all the above factors should be considered.…”

Section: Focus Of Attention Mapmentioning

confidence: 99%

Modeling user choice in the PassPoints graphical password scheme

Dirik¹,

Memon²,

Birget

2007

Proceedings of the 3rd Symposium on Usable Privacy and Security

150

123

View full text Add to dashboard Cite

We develop a model to identify the most likely regions for users to click in order to create graphical passwords in the PassPoints system. A PassPoints password is a sequence of points, chosen by a user in an image that is displayed on the screen. Our model predicts probabilities of likely click points; this enables us to predict the entropy of a click point in a graphical password for a given image. The model allows us to evaluate automatically whether a given image is well suited for the PassPoints system, and to analyze possible dictionary attacks against the system. We compare the predictions provided by our model to results of experiments involving human users. At this stage, our model and the experiments are small and limited; but they show that user choice can be modeled and that expansions of the model and the experiments are a promising direction of research.

show abstract

Section: Focus Of Attention Mapmentioning

confidence: 99%

Modeling user choice in the PassPoints graphical password scheme

Dirik¹,

Memon²,

Birget

2007

Proceedings of the 3rd Symposium on Usable Privacy and Security

150

123

View full text Add to dashboard Cite

show abstract

“…Until recently the security problem has been formulated as a technical problem. However, it is now becoming widely recognized that security is also fundamentally a human-computer interaction (HCI) problem (Patrick et al, 2003;Dourish, 2004). Most security mechanisms cannot be effective without taking into account the user.…”

Section: Introductionmentioning

confidence: 99%

PassPoints: Design and longitudinal evaluation of a graphical password system

Wiedenbeck

Waters

Birget

et al. 2005

International Journal of Human-Computer Studies

526

413

View full text Add to dashboard Cite

“…Is it possible to have both security and usability, or do both users and organizations have to accept what has typically been considered a trade-off between these two attributes [28]? Historically, you could have one, but not the other.…”

Section: Introductionmentioning

confidence: 99%

A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

Tari

Ozok

Holden

2006

Proceedings of the Second Symposium on Usable Privacy and Security - SOUPS '06

223

147

View full text Add to dashboard Cite

Previous research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased susceptibility of graphical passwords to shoulder-surfing. This appears to be yet another example of the classic trade-off between usability and security for authentication systems. This paper explores whether graphical passwords' increased memorability necessarily leads to risks of shoulder-surfing. To date, there are no studies examining the vulnerability of graphical versus alphanumeric passwords to shoulder-surfing. This paper examines the real and perceived vulnerability to shoulder-surfing of two configurations of a graphical password, Passfaces™[30], compared to non-dictionary and dictionary passwords. A laboratory experiment with 20 participants asked them to try to shoulder surf the two configurations of Passfaces™ (mouse versus keyboard data entry) and strong and weak passwords. Data gathered included the vulnerability of the four authentication system configurations to shoulder-surfing and study participants' perceptions concerning the same vulnerability. An analysis of these data compared the relative vulnerability of each of the four configurations to shouldersurfing and also compared study participants' real and perceived success in shoulder-surfing each of the configurations. Further analysis examined the relationship between study participants' real and perceived success in shoulder-surfing and determined whether there were significant differences in the vulnerability of the four authentication configurations to shoulder-surfing.Findings indicate that configuring data entry for Passfaces™ through a keyboard is the most effective deterrent to shouldersurfing in a laboratory setting and the participants' perceptions were consistent with that result. While study participants believed that Passfaces™ with mouse data entry would be most vulnerable to shoulder-surfing attacks, the empirical results found that strong passwords were actually more vulnerable.

show abstract

HCI and security systems

Cited by 50 publications

References 13 publications

Modeling user choice in the PassPoints graphical password scheme

Modeling user choice in the PassPoints graphical password scheme

PassPoints: Design and longitudinal evaluation of a graphical password system

A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

Contact Info

Product

Resources

About