Towards a metric for recognition-based graphical password security

English, Rosanne; Poet, Ron

doi:10.1109/icnss.2011.6060007

Cited by 14 publications

(14 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Moreover, poor selection of background images that have popular potential points yields to being easily predicted, for instance a study by [16] cracked an average of 7-10% of user passpoints (click-based) passwords within 3 guesses only. Fig.1 Pattern with the Possibility of Points to be Skipped [13] Further to the work on click-based concept, proposals about choice-based or PassImages graphical authentication have risen [17,18]; in addition to the recent application of the concept on Windows 8.1 Picture Password [19]. There are a set of images on sequential grids; the secret is among them in a form of a series of images that should be pressed or clicked on a specific order, one at each grid.…”

Section: Patterns and Graphical Passwordsmentioning

confidence: 99%

Continuous and transparent multimodal authentication: reviewing the state of the art

et al. 2015

View full text Add to dashboard Cite

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. They are also still mostly functioning at the point of entry and those performing sort of re-authentication executing it in an intrusive manner. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. This is followed by a literature review of the existing research on continuous and transparent multimodal authentication. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized in a universal level. Ultimately, a potential federated biometric authentication solution is presented; however it needs to be developed and extensively evaluated, thus operating in a transparent, continuous and user-friendly manner.

show abstract

Section: Patterns and Graphical Passwordsmentioning

confidence: 99%

Continuous and transparent multimodal authentication: reviewing the state of the art

et al. 2015

View full text Add to dashboard Cite

show abstract

“…Further to the work on click-based concept, proposals about choice-based or PassImages graphical authentication have risen [17], [18]. There are a set of images on sequential grids; the secret is among them in a form of a series of images that should be pressed or clicked on a specific order, one at each grid.…”

Section: ) Pattern and Graphical Passwordmentioning

confidence: 99%

The Current Use of Authentication Technologies: An Investigative Review

Abdulwahid

Clarke

Furnell

et al. 2015

2015 International Conference on Cloud Computing (ICCC)

View full text Add to dashboard Cite

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. Further to this, they are still mostly functioning at the point of entry and those performing sort of re-authentication executing it in an intrusive manner. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art understanding addressing the open problems to be tackled and available solutions to be adopted. Furthermore, it investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. Ultimately, it concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized in a universal level, thus operating in a transparent, continuous and user-friendly manner

show abstract

“…À direita a senha está exibida pelo fato da opc ¸ão "Mostrar senha" ter sido selecionada. Caso uma pessoa opte pela visualizac ¸ão da senha, como no caso exibido na Figura 1b, a autenticac ¸ão estará mais vulnerável a ataques de shoulder surfing [Bošnjak andBrumen 2020] [English andPoet 2011]. Nesse tipo de ataque, um atacante espiona o(a) usuário(a) de um dispositivo eletrônico a fim de obter informac ¸ões pessoais, como a senha por exemplo [Lexico 2022].…”

Section: Introduc ¸ãOunclassified

“…O HashifyPass leva em considerac ¸ão a importância da utilizac ¸ão de elementos gráficos para memorizac ¸ão de informac ¸ões de autenticac ¸ão mas, diferente dos setenta e sete trabalhos avaliados em [Bošnjak and Brumen 2020], esses elementos são aplicados para visualizac ¸ão do hash de uma senha textual, impedindo que um atacante seja capaz de descobrir a senha digitada. [English and Poet 2011] discute potenciais ataques contra esquemas de autenticac ¸ão que utilizam senhas gráficas. O modelo de ameac ¸as utilizado pelos autores considera shoulder surfing, ataques de intersecc ¸ão, escuta para posterior ataque de replay, phishing e táticas de engenharia social para adivinhar a senha.…”

Section: Introduc ¸ãOunclassified

HashifyPass - Uma Ferramenta para Visualização de Hashes de Senhas

Carvalho

Ribeiro

Batista

et al. 2022

Anais Estendidos Do XXII Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg Estendido 2022)

View full text Add to dashboard Cite

Por motivos de segurança, é recomendável criar senhas longas, completamente desestruturadas, aleatórias e diferentes para cada uma das contas pessoais. Como consequência desses requisitos, algumas pessoas podem querer confirmar que digitaram a senha correta antes de submeterem um formulário de login. Para auxiliar nessa confirmação, muitos websites contam com a opção de visualizar a senha, o que torna a autenticação mais vulnerável a ataques de shoulder surfing. Este artigo apresenta a ferramenta HashifyPass, que permite que senhas de websites sejam confirmadas sem exibi-las. Para isso, é usada uma animação para a visualização do hash da senha. A integração do software em um formulário de login atesta sua eficácia.

show abstract

Towards a metric for recognition-based graphical password security

Cited by 14 publications

References 12 publications

Continuous and transparent multimodal authentication: reviewing the state of the art

Continuous and transparent multimodal authentication: reviewing the state of the art

The Current Use of Authentication Technologies: An Investigative Review

HashifyPass - Uma Ferramenta para Visualização de Hashes de Senhas

Contact Info

Product

Resources

About