From hot-spots towards experience-spots: Leveraging on users' sociocultural experiences to enhance security in cued-recall graphical authentication. Issue 149 (May 2021)
- Record Type:
- Journal Article
- Title:
- From hot-spots towards experience-spots: Leveraging on users' sociocultural experiences to enhance security in cued-recall graphical authentication. Issue 149 (May 2021)
- Main Title:
- From hot-spots towards experience-spots: Leveraging on users' sociocultural experiences to enhance security in cued-recall graphical authentication
- Authors:
- Constantinides, Argyris
Fidas, Christos
Belk, Marios
Pietron, Anna Maria
Han, Ting
Pitsillides, Andreas
- Abstract:
- Highlights: We introduce a retrospective approach for delivering familiar picture passwords. The approach impacts users' visual behavior during password creation. The approach improves security against brute-force attacks. The approach does not hamper memorability of picture passwords. The approach introduces guessing vulnerabilities by people close to the user.
Abstract: This paper suggests a novel cued-recall-based graphical authentication method, which leverages on users' sociocultural experiences for improving the security and memorability of selected secrets. We evaluated the suggested approach in the context of three user studies (n = 139): a) an eye-tracking study (n = 42) focusing on security in terms of resistance to brute-force attacks; b) a two-week study (n = 71) focusing on memorability and login usability; and c) a controlled in-lab user study (n = 26) focusing on human attack vulnerabilities among people sharing common sociocultural experiences. Analysis of results revealed that the suggested approach influenced visual behavior strategies of end-users, which subsequently resulted in significantly stronger passwords created on images reflecting their prior experiences than on images unfamiliar to them. Simultaneously, both reference and control groups performed similarly in terms of memorability and login efficiency and effectiveness. On the downside, the suggested approach introduces password guessing vulnerabilities in terms of allowing attackers who share common experiences with the end-users to more easily identify regions of their selected secrets. Findings point towards a new direction for delivering personalized cued-recall graphical authentication schemes that depict image semantics bootstrapped to users' real-life experiences.
- Is Part Of:
- International journal of human-computer studies. Issue 149(2021)
- Journal:
- International journal of human-computer studies
- Issue:
- Issue 149(2021)
- Issue Display:
- Volume 149, Issue 149 (2021)
- Year:
- 2021
- Volume:
- 149
- Issue:
- 149
- Issue Sort Value:
- 2021-0149-0149-0000
- Page Start:
- Page End:
- Publication Date:
- 2021-05
- Subjects:
- User authentication -- Graphical passwords -- Sociocultural experiences -- Security -- Memorability -- User study
Human-machine systems -- Periodicals
Systems engineering -- Periodicals
Human engineering -- Periodicals
Human engineering
Human-machine systems
Systems engineering
Periodicals
Electronic journals
004.019
- Journal URLs:
- http://www.sciencedirect.com/science/journal/10715819
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.ijhcs.2021.102602
- Languages:
- English
- ISSNs:
- 1071-5819
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4542.288100
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 22891.xml