2019 | OriginalPaper | Chapter

Grid Authentication: A Memorability and User Sentiment Study

Authors: Paul Biocco, Mohd Anwar

Published in: HCI for Cybersecurity, Privacy and Trust

Publisher: Springer International Publishing


Abstract

Despite being one of the most crucial parts of online transactions, the most used authentication system, the username and password system, has been shown to be weaker than ever. With the increase of processing power within computers, offline password attacks such as dictionary attacks, rainbow tables, and hash tables have become more effective at divulging account information from stolen databases. This has led to alternative solutions being proposed, such as logging in with a social media account or password managers, which do not replace the password entirely. Graphical alternatives have previously been proposed, but none of them have become widely used. In a previous paper we proposed our own alternative called “Grid Authentication”, which would allow users to authenticate using a sequence of clicks on a colored Grid, shown to be resistant against offline password attacks. Now we have implemented and tested Grid Authentication’s memorability and recorded user sentiment data. Participants logged in using a newly created password, an 8-character password randomly generated for them, and the Grid Authentication scheme for three days each, once per day. We found that overall, Grid Authentication’s memorability was like that of a user-chosen password, and far superior to that of the randomly generated 8-character password. We also observed that users’ overall sentiment towards Grid Authentication increased significantly after three days of regular use. Despite this, while sentiment over the system was overall positive, users perceived that they remembered the password more easily, perhaps giving hints as to why alternative authentication types have not become widely used.


Metadata

Title: Grid Authentication: A Memorability and User Sentiment Study
Authors: Paul Biocco, Mohd Anwar
Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-22351-9_1