A second look at the usability of click-based graphical passwords

Chiasson, Sonia; Biddle, Robert; Oorschot, Paul C. van

doi:10.1145/1280680.1280682

Cited by 125 publications

(143 citation statements)

References 8 publications

Supporting

Mentioning

134

Contrasting

Order By: Relevance

“…These results compare well with earlier work such as PassPoints [21], which yielded mean ratification times of 8.78-24.25s and 1.55-2.75 failed ratification attempts prior to successfully entering a cipher. Similarly, Chiasson et al [6] present a lab study of click-point-based graphical ciphers using multiple images and report a median ratification time of 7s and an error rate of 6%. In summary, this paper proposed improving the security of graphical cipher systems by integrating live display of a graphical object that a user picks.…”

Section: Discussionmentioning

confidence: 96%

“…As variations in tokens are inevitable with the Graphical Cipher Ratification System's setup, we also explored the robustness of the system in the case of repeated images with different point selections. 1) Materials: Five source images were selected based on the image categories with highest success rate in prior work [6]. They depicted people, food, tiny objects, and random text.…”

Section: Evaluation a Reliability Studymentioning

confidence: 99%

“…The first involved the use of a public system assigned image representing a crowd of people, as in [6], while the second concerned the use of a private personally chosen image, in this case a bowl of fruits. We state that the public plot imitates the case of the usual cued-recall graphical passwords, where the images used for verification are stored on a server and revealed at ratification time.…”

Section: ) Security Studymentioning

confidence: 99%

“…However, graphical passwords have their issues. One such issue is their sensitivity to intelligent guessing [5], [6], [23] and shoulder-surfing attacks [22]. These attacks are valid since the portions of images that are chosen by the users as password items are easy for an attacker to notice by intruding over shoulders or through camera surveillance to record input and are also comparatively predictable [20], [23].…”

mentioning

confidence: 99%

See 3 more Smart Citations

Graphical Cipher Ratification System

Chelliah¹

2017

IJRASET

View full text Add to dashboard Cite

Graphical Cipher Ratification System is a new graphical password strategy for common terminals that restores the passive digital models commonly used in graphical password systems with materialized tokens, in the form of digital images shown on device such as a smart phone. Users lay forward these images to a system and then input their password as a chain of options on live display of the token. Unique characteristics are taken from these options and used as the cipher. We lay forward three practicability studies of Graphical Cipher Ratification System exploring its authenticity, benefit, and protection against supervision. The authentication study shows that picture-characterized based passwords are noticeable and recommends necessary system attributes. Passwords should contain seven characteristics, 40% of which must analytically match the ones stored on a reliable server in order to be identical. The work completion time and error rates have to be 7.5 seconds and 9%, largely proportionate with the previous graphical password systems which use unchanging digital pictures. Lastly, the security research highlights Graphical Cipher Ratification System's resistance to inspection attack. Thus, three types of attacks such as shoulder surfing, camera-based surveillance or dictionary attacks will fail to record or notice the user's password. These results imply that Graphical Cipher Ratification System promises security while controlling the benefits of the present graphical password strategy. Index Terms-Graphical cipher, Ratification, digital images, shoulder surfing, surveillance, dictionary attacks I. INTRODUCTION Protected access to data establishes present day systems and services. We preserve our interactions, financial data, official documents, and personal files secured by lending identity information and then validating to that identity. Text passwords as well as personal identification numbers (PINs) are the main authentication method [5] as they are not complex and can be set up on systems such as public terminals, or mobile devices. However, difficult passwords can be forgotten easily [13] and are also subject to security problems. This is a major issue since an average user has 25 online accounts protected with up to six contrasting passwords [12] and showing a significant memory burden. To handle this problem, individuals take up insecure coping strategies such as repetition of passwords across systems, making a note of the passwords, or simply forgetting them completely [1]. To ensure that such issues are eased, researchers are looking at them carefully while putting forward and suggesting graphical password schemes [3], [4] that depend on input such as picking portions of a picture. These systems have been displayed to enhance memorability without disturbing input time and error rates [16] by also maintaining great resistance to brute force as well as guessing attacks [3]. However, graphical passwords have their issues. One such issue is their sensitivity to intelligent guessing [5], [6], [...

show abstract

Section: Discussionmentioning

confidence: 96%

Section: Evaluation a Reliability Studymentioning

confidence: 99%

Section: ) Security Studymentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Graphical Cipher Ratification System

Chelliah¹

2017

IJRASET

View full text Add to dashboard Cite

show abstract

“…Recent field studies of security software have mostly involved evaluating the use of authentication mechanisms [3,6,4]. In 2009, Somayaji et al [11] introduced the concept of computer security clinical trials.…”

Section: Introductionmentioning

confidence: 99%

Methodology for a Field Study of Anti-malware Software

Lévesque

Davis

Fernandez

et al. 2012

Financial Cryptography and Data Security

Self Cite

View full text Add to dashboard Cite

Abstract. Anti-malware products are typically evaluated using structured, automated tests to allow for comparison with other products and for measuring improved efficiency against specific attacks. We propose that anti-malware testing would benefit from field studies assessing effectiveness in more ecologically valid settings. This paper presents our methodology for conducting a 4-month field study with 50 participants, including discussion of deployment and data collection, encouraging retention of participants, ethical concerns, and our experience to date.

show abstract

Cyber Security Technology Usability and Management

Smetters

2008

Wiley Handbook of Science and Technology for Homeland Security

View full text Add to dashboard Cite

show abstract

A second look at the usability of click-based graphical passwords

Cited by 125 publications

References 8 publications

Graphical Cipher Ratification System

Graphical Cipher Ratification System

Methodology for a Field Study of Anti-malware Software

Cyber Security Technology Usability and Management

Contact Info

Product

Resources

About