Graphical One-Time Password (GOTPass): A usability evaluation. Issue 1 (4th April 2016)
- Record Type:
- Journal Article
- Title:
- Graphical One-Time Password (GOTPass): A usability evaluation. Issue 1 (4th April 2016)
- Main Title:
- Graphical One-Time Password (GOTPass): A usability evaluation
- Authors:
- Alsaiari, Hussain
Papadaki, Maria
Dowland, Paul
Furnell, Steven
- Abstract:
- ABSTRACT: Complying with a security policy often requires users to create long and complex passwords to protect their accounts. However, remembering such passwords is difficult for many and may lead to insecure practices, such as choosing weak passwords or writing them down. In addition, they are vulnerable to various types of attacks, such as shoulder surfing, replay, and keylogger attacks (Gupta, Sahni, Sabbu, Varma, & Gangashetty, 2012). One-Time Passwords (OTPs) aim to overcome such problems (Gupta et al., 2012); however, most implemented OTP techniques require special hardware, which not only adds cost, but there are also issues regarding its availability (Brostoff, Inglesant, & Sasse, 2010). In contrast, the use of graphical passwords is an alternative authentication mechanism designed to aid memorability and ease of use, often forming part of a multifactor authentication process. This article is complementary to the earlier work that introduced and evaluated the security of the new hybrid user-authentication approach: Graphical One-Time Password (GOTPass) (Alsaiari et al., 2015). The scheme aims to combine the usability of recognition-based and draw-based graphical passwords with the security of OTP. The article presents the results of an empirical user study that investigates the usability features of the proposed approach, as well as pretest and posttest questionnaires. The experiment was conducted during three separate sessions, which took place over five weeks, to measure the efficiency, effectiveness, memorability, and user satisfaction of the new scheme. The results showed that users were able to easily create and enter their credentials as well as remember them over time. Participants carried out a total of 1,302 login attempts with a 93% success rate and an average login time of 24.5 s. …
- Is Part Of:
- Information security journal. Volume 25:Issue 1/3(2016)
- Journal:
- Information security journal
- Issue:
- Volume 25:Issue 1/3(2016)
- Issue Display:
- Volume 25, Issue 1/3 (2016)
- Year:
- 2016
- Volume:
- 25
- Issue:
- 1/3
- Issue Sort Value:
- 2016-0025-NaN-0000
- Page Start:
- 94
- Page End:
- 108
- Publication Date:
- 2016-04-04
- Subjects:
- Authentication -- graphical passwords -- knowledge-based authentication -- One-Time Password -- usable security
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.tandfonline.com/toc/uiss20/current
http://www.tandf.co.uk/journals/titles/19393555.asp
http://www.tandfonline.com/
- DOI:
- 10.1080/19393555.2016.1179374
- Languages:
- English
- ISSNs:
- 1939-3555
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4494.315500
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 1096.xml