CCBS  A METHOD TO MAINTAIN MEMORABILITY, ACCURACY OF PASSWORD SUBMISSION AND THE EFFECTIVE PASSWORD SPACE IN CLICK-BASED VISUAL PASSWORDS

Haider Al-Khateeb; Carsten Maple

Home

Digital Library

Visit Digital Library

Conference Proceedings

IADIS International Conference Internet Applications and Research - IAR

IADIS International Conference Internet Applications and Research 2011 (part of MCCSIS 2011)

Document Info

Title:	CCBS A METHOD TO MAINTAIN MEMORABILITY, ACCURACY OF PASSWORD SUBMISSION AND THE EFFECTIVE PASSWORD SPACE IN CLICK-BASED VISUAL PASSWORDS
Author(s):	Haider Al-Khateeb, Carsten Maple
ISBN:	978-972-8939-40-3
Editors:	Piet Kommers, Nik Bessis and Pedro Isaías
Year:	2011
Edition:	Single
Keywords:	Authentication, visual passwords, click-based systems, hotspots, password space
Type:	Workshop Paper
First Page:	269
Last Page:	276
Language:	English
Cover:
Full Contents:	click to dowload
Paper Abstract:	Text passwords are vulnerable to many security attacks due to a number of reasons such as the insecure practices of end users who select weak passwords to maintain their long term memory. As such, visual password (VP) solutions were developed to maintain the security and usability of user authentication in collaborative systems. This paper focuses on the challenges facing click-based visual password systems and proposes a novel method in response to them. For instance, Hotspots reveal a serious vulnerability. They occur because users are attracted to specific parts of an image and neglect other areas. Undertaking image analysis to identify these high probability areas can assist dictionary attacks. Another concern is that click-based systems do not guide users towards the correct click-point they are aiming to select. For instance, users might recall the correct spot or area but still fail to include their click within the tolerance distance around the original click-point which results in more incorrect password submissions. Nevertheless, the Passpoints study by Wiedenbeck et al., 2005 inspected the retention of their VP in comparison with text passwords over the long term. Despite being cued-recall the successful rate of their VP submission was not superior to text passwords as it decreased from 85% (the instant retention on the day of registration) to 55% after 2 weeks. This result was identical to that of the text password in the same experiment. The successful submission rates after 6 weeks were also 55% for both VP and text passwords. This paper addresses these issues, and then presents a novel method (CCBS) as a usable solution supported by an empirical proof. A user study is conducted and the results are evaluated against a comparative study.

	Go Back

Social Media Links

amazon

Search

Login

Top Visited