Abstract

Usable security has unique usability challenges because the need for security often means that standard human-computer-interaction approaches cannot be directly applied. An important usability goal for authentication systems is to support users in selecting better passwords, thus increasing security by expanding the effective password space. In click-based graphical passwords, poorly chosen passwords lead to the emergence of hotspots -- portions of the image where users are more likely to select click-points, allowing attackers to mount more successful dictionary attacks. We use persuasion to influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more secure, click-points. Our approach is to introduce persuasion to the Cued Click-Points graphical password scheme (Chiasson, van Oorschot, Biddle, 2007). Our resulting scheme significantly reduces hotspots while still maintaining its usability.

Highlights

  • While the predictability problem can be solved by disallowing user choice and assigning passwords to users, this usually leads to usability issues since

  • While we are not arguing that graphical passwords are the best approach to authentication, we find that they offer an excellent environment for exploring strategies for helping users select better passwords since it is easy to compare user choices

  • The base heat map shows the location of known hotspots derived for the PassPoints-field dataset and is identical on both plots. (Best viewed in colour)


Summary

Introduction

Users tend to choose passwords that are memorable in some way, which often means that the passwords tend to follow predictable patterns that are easier for attackers to exploit. Our proposed system allows user choice while attempting to influence users to select stronger passwords. It makes the task of selecting a weak password (easy for attackers to predict) more tedious, in order to discourage users from making such choices.

There is a second group of users, namely illegitimate users, who are actively trying to attack the system. Such attackers will exploit any information leaked by, or that can be extracted through, the interface. Influencing Users Towards Better Passwords: Persuasive Cued Click-Points the interface to trick legitimate users. This makes providing helpful feedback difficult, as it may help attackers
