Annual Computer Security Applications Conference (ACSAC) 2012

Full Program »

On Automated Image Choice for Secure and Usable Graphical Passwords

The usability of graphical passwords based upon recognition of images is widely explored. However, despite high recall performance results of such graphical passwords, it is likely that performance is highly contingent on certain attributes of the image sets presented to users. Characterizing this relationship remains an open problem, for example, there is no systematic (and empirically verified) method to determine how similarity between elements of an image set impacts on the usability of recognition-based graphical passwords. Strategies to assemble login images are usually carried out by hand which represents a significant barrier to uptake as the process has usability and security implications. In this paper we explore the role of simple image processing techniques to provide automated assembly of usable login challenges in the context of recognition-based graphical passwords. We firstly carry out a user study to obtain a similarity ranked image set, and use the results to select an optimal per-pixel image similarity metric. Then we conduct a short-term image recall test using Amazon Mechanical Turk with 343 subjects where we manipulated the similarity present in image grids. In the most significant case we found that login success rates could be manipulated by 40% and a difference in median login durations of 35 seconds through judicious, automated choice of decoy images

Author(s):

Paul Dunphy    
Newcastle University
United Kingdom

Patrick Olivier    
Newcastle University
United Kingdom

 

Powered by OpenConf®
Copyright©2002-2014 Zakon Group LLC