
2015 | Original Paper | Book Chapter

Leveraging Real-Life Facts to Make Random Passwords More Memorable

Authors: Mahdi Nasrullah Al-Ameen, Kanis Fatema, Matthew Wright, Shannon Scielzo

Published in: Computer Security -- ESORICS 2015

Publisher: Springer International Publishing


Abstract

User-chosen passwords fail to provide adequate security. System-assigned random passwords are more secure but suffer from memorability problems. We argue that the system should remove this burden from users by assisting with the memorization of randomly assigned passwords. To meet this need, we aim to apply the scientific understanding of long-term memory. In particular, we examine the efficacy of augmenting a system-assigned password scheme based on textual recognition by providing users with verbal cues—real-life facts corresponding to the assigned keywords. In addition, we explore the usability gain of including images related to the keywords along with the verbal cues. We conducted a multi-session in-lab user study with 52 participants, where each participant was assigned three different passwords, each representing one study condition. Our results show that the textual recognition-based scheme offering verbal cues had a significantly higher login success rate (94 %) as compared to the control condition, i.e., textual recognition without verbal cues (61 %). The comparison between textual and graphical recognition reveals that when users were provided with verbal cues, adding images did not significantly improve the login success rate, but it did lead to faster recognition of the assigned keywords. We believe that our findings make an important contribution to understanding the extent to which different types of cues impact the usability of system-assigned passwords.


Footnotes

1. http://www.realuser.com/ shows testimonials about Passfaces from customers.

2. Though we note that videotaping could overcome this.
 
Metadata

Title: Leveraging Real-Life Facts to Make Random Passwords More Memorable

Authors: Mahdi Nasrullah Al-Ameen, Kanis Fatema, Matthew Wright, Shannon Scielzo

Copyright year: 2015

DOI: https://doi.org/10.1007/978-3-319-24177-7_22