Design and evaluation of a shoulder-surfing resistant graphical password scheme

Wiedenbeck, Susan; Waters, Jim; Sobrado, Leonardo; Birget, Jean-Camille

doi:10.1145/1133265.1133303

Cited by 280 publications

(242 citation statements)

References 12 publications

Supporting

Mentioning

229

Contrasting

Unclassified

Order By: Relevance

“…Lock patterns are one type of recall-based graphical password [2]. They have been criticized because of their vulnerabilities to smudge attacks (i.e., recognizing the fingers' grease on the screen) [1], shoulder-surfing attacks [32] (i.e., observing or recording with a video camera the moment of authentication), and others. We hypothesize that adding biometric analysis to lock patterns can enhance the security of this type of graphical passwords by becoming a two-factor authentication mechanism.…”

Section: Fig 1 An Android Lock Patternmentioning

confidence: 99%

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

Angulo

Wästlund

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. The use of mobile smart devices for storing sensitive information and accessing online services is increasing. At the same time, methods for authenticating users into their devices and online services that are not only secure, but also privacy and user-friendly are needed. In this paper, we present our initial explorations of the use of lock pattern dynamics as a secure and user-friendly two-factor authentication method. We developed an application for the Android mobile platform to collect data on the way individuals draw lock patterns on a touchscreen. Using a Random Forest machine learning classifier this method achieves an average Equal Error Rate (EER) of approximately 10.39%, meaning that lock patterns biometrics can be used for identifying users towards their device, but could also pose a threat to privacy if the users' biometric information is handled outside their control.

show abstract

Section: Fig 1 An Android Lock Patternmentioning

confidence: 99%

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

Angulo

Wästlund

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…In [26], users need to recognize pass-objects and click inside the convex hull formed by all of the pass-objects. If properly designed, this method can provide good security.…”

Section: Related Workmentioning

confidence: 99%

“…However, their inherent security and usability problems [6][7][8][9][10][11] led to the development of graphical passwords as an alternative. To date, there have been several graphical password schemes, such as [7,18,[20][21][22][23][24][25][26]. They have overcome some drawbacks of traditional password schemes, but most of the current graphical password schemes remain vulnerable to spyware attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Against Spyware Using CAPTCHA in Graphical Password Scheme

et al. 2010

View full text Add to dashboard Cite

Abstract-Text-based password schemes have inherent security and usability problems, leading to the development of graphical password schemes. However, most of these alternate schemes are vulnerable to spyware attacks. We propose a new scheme, using CAPTCHA (Completely Automated Public Turing tests to tell Computers and Humans Apart) that retaining the advantages of graphical password schemes, while simultaneously raising the cost of adversaries by orders of magnitude. Furthermore, some primary experiments are conducted and the results indicate that the usability should be improved in the future work.

show abstract

“…In order to be authenticated, the user has to click any icon belonging to the convex-hull whose vertices are the pre-selected pass-icons. This scheme has been improved in [25].…”

Section: Related Workmentioning

confidence: 99%

A Graphical PIN Authentication Mechanism with Applications to Smart Cards and Low-Cost Devices

Galdi¹

2008

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Passwords and PINs are still the most deployed authentication mechanisms and their protection is a classical branch of research in computer security. Several password schemes, as well as more sophisticated tokens, algorithms, and protocols, have been proposed during the last years. Some proposals require dedicated devices, such as biometric sensors, whereas, others of them have high computational requirements. Graphical passwords are a promising research branch, but implementation of many proposed schemes often requires considerable resources (e.g., data storage, high quality displays) making difficult their usage on small devices, like old fashioned ATM terminals, smart cards and many low-price cellular phones.In this paper we present a graphical mechanism that handles authentication by means of a numerical PIN, that users have to type on the basis of a secret sequence of objects and a graphical challenge. The proposed scheme can be instantiated in a way to require low computation capabilities, making it also suitable for small devices with limited resources. We prove that our scheme is effective against "shoulder surfing" attacks.

show abstract

Design and evaluation of a shoulder-surfing resistant graphical password scheme

Cited by 280 publications

References 12 publications

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

Against Spyware Using CAPTCHA in Graphical Password Scheme

A Graphical PIN Authentication Mechanism with Applications to Smart Cards and Low-Cost Devices

Contact Info

Product

Resources

About