Securing passfaces for description

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Securing passfaces for description

Full text

Pdf (982 KB)

Source

ACM International Conference Proceeding Series; Vol. 337 archive
Proceedings of the 4th symposium on Usable privacy and security table of contents

Pittsburgh, Pennsylvania

SESSION: Authentication I table of contents

Pages 24-35

Year of Publication: 2008

ISBN:978-1-60558-276-4

Authors

Paul Dunphy	Newcastle University, Newcastle, UK
James Nicholson	Newcastle University, Newcastle, UK
Patrick Olivier	Newcastle University, Newcastle, UK

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 17, Downloads (12 Months): 115, Citation Count: 1

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1408664.1408668 What is a DOI?

ABSTRACT

One common practice in relation to alphanumeric passwords is to write them down or share them with a trusted friend or colleague. Graphical password schemes often claim the advantage that they are significantly more secure with respect to both verbal disclosure and writing down. We investigated the reality of this claim in relation to the Passfaces graphical password scheme. By collecting a corpus of naturalistic descriptions of a set of 45 faces, we explored participants' ability to associate descriptions with faces across three conditions in which the decoy faces were selected: (1) at random; (2) on the basis of their visual similarity to the target face; and (3) on the basis of the similarity of the verbal descriptions of the decoy faces to the target face. Participants were found to perform significantly worse when presented with visual and verbally grouped decoys, suggesting that Passfaces can be further secured for description. Subtle differences in both the nature of male and female descriptions, and male and female performance were also observed.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999 [doi>10.1145/322796.322806]
	2	G. Blonder. United States Patent 5559961, Graphical Passwords, 1996.
	3	S. Brostoff and A. Sasse. Are Passfaces more usable than passwords? A field trial investigation. In HCI 2000: Proceedings of People and Computers XIV - Usability or Else, pages 405--424. Springer, 2000.
	4	Sonia Chiasson , P. C. van Oorschot , Robert Biddle, A usability study and critique of two password managers, Proceedings of the 15th conference on USENIX Security Symposium, p.1, July 31-August 04, 2006, Vancouver, B.C., Canada
	5	J. Davies. Visual Code Recordal and Communication Thereof International Patent PCT/GB1999/001688, 1999.
	6	Darren Davis , Fabian Monrose , Michael K. Reiter, On user choice in graphical password schemes, Proceedings of the 13th conference on USENIX Security Symposium, p.11-11, August 09-13, 2004, San Diego, CA
	7	Darren Davis , Fabian Monrose , Michael K. Reiter, On user choice in graphical password schemes, Proceedings of the 13th conference on USENIX Security Symposium, p.11-11, August 09-13, 2004, San Diego, CA
	8	A. De Angeli, L. Coventry, G. Johnson, and M. Coutts. Usability and user authentication: Pictorial passwords vs. pin. In McCabe, P. T. (Ed.), Contemporary Ergonomics 2003., pages 253--258. Taylor & Francis. London, 2003.
	9	Rachna Dhamija , Adrian Perrig, Déjà Vu: a user study using images for authentication, Proceedings of the 9th conference on USENIX Security Symposium, p.4-4, August 14-17, 2000, Denver, Colorado
	10	Ahmet Emir Dirik , Nasir Memon , Jean-Camille Birget, Modeling user choice in the PassPoints graphical password scheme, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania [doi>10.1145/1280680.1280684]
	11	D. M. Horgan. Language development. University of Michigan doctoral dissertation, 1975.
	12	Paul Dunphy , Jeff Yan, Is FacePIN secure and usable?, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania [doi>10.1145/1280680.1280710]
	13	D. F. Halpern. Sex Differences in Cognitive Abilities. Lawrence Erlbaum, 3 edition, 2000.
	14	J. Huttenlocher, W. Haight, A. Bryk, M. Seltzer, and T. Lyons. Early Vocabulary growth:Relation to Language Input and Gender. In Developmental Psychology, volume 27, pages 236--248.
	15	Ian Jermyn , Alain Mayer , Fabian Monrose , Michael K. Reiter , Aviel D. Rubin, The design and analysis of graphical passwords, Proceedings of the 8th conference on USENIX Security Symposium, p.1-1, August 23-26, 1999, Washington, D.C.
	16	Mark Keith , Benjamin Shao , Paul John Steinbart, The usability of passphrases for authentication: An empirical field study, International Journal of Human-Computer Studies, v.65 n.1, p.17-28, January, 2007 [doi>10.1016/j.ijhcs.2006.08.005]
	17	Eric Lieberman , Robert C. Miller, Facemail: showing faces of recipients to prevent misdirected email, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania [doi>10.1145/1280680.1280696]
	18	Passfaces Corporation. The Science Behind Passfaces.
	19	Passfaces Corporation: http://www.passfaces.com.
	20	M. A. Sasse , S. Brostoff , D. Weirich, Transforming the 'Weakest Link' — a Human/Computer Interaction Approach to Usable and Effective Security, BT Technology Journal, v.19 n.3, p.122-131, July 2001 [doi>10.1023/A:1011902718709]
	21	SearchSecurity.com - http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci895483,00.html. Employees willing to share passwords with strangers (2003) last accessed 23/02/2008.
	22	Searchsecurity.com - http://searchsecurity.techtarget.com/news/article/0,289142,sid14_ gci902867,00.html. Most workers must remember 6 passwords or more (2003) last accessed 23/02/2008.
	23	Sidney L. Smith, Authenticating users by word associations, Computers and Security, v.6 n.6, p.464-470, December 1, 1987 [doi>10.1016/0167-4048(87)90027-7]
	24	Xiaoyuan Suo , Ying Zhu , G. Scott. Owen, Graphical Passwords: A Survey, Proceedings of the 21st Annual Computer Security Applications Conference, p.463-472, December 05-09, 2005 [doi>10.1109/CSAC.2005.27]
	25	Julie Thorpe , P. C. van Oorschot, Human-seeded attacks and exploiting hot-spots in graphical passwords, Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p.1-16, August 06-10, 2007, Boston, MA
	26	T. Valentine. An Evaluation of the Passface Personal Authentication System. Technical Report. London: Goldmsiths College University of London., 1998.
	27	T. Valentine. Memory for Passfaces after a long delay. Technical Report. London: Goldmsiths College University of London., 1998.
	28	Susan Wiedenbeck , Jim Waters , Jean-Camille Birget , Alex Brodskiy , Nasir Memon, PassPoints: design and longitudinal evaluation of a graphical password system, International Journal of Human-Computer Studies, v.63 n.1-2, p.102-127, July 2005 [doi>10.1016/j.ijhcs.2005.04.010]
	29	Jeff Yan , Alan Blackwell , Ross Anderson , Alasdair Grant, Password Memorability and Security: Empirical Results, IEEE Security and Privacy, v.2 n.5, p.25-31, September 2004 [doi>10.1109/MSP.2004.81]
	30	Moshe Zviran , William J. Haga, Cognitive passwords: the key to easy access control, Computers and Security, v.9 n.9, p.723-736, Dec. 1990 [doi>10.1016/0167-4048(90)90115-A]
	31	M. Zviran and W. J. Haga. A comparison of password techniques for multilevel authentication mechanisms. The Computer Journal, 3(3), 1993.