Abstract

Authorized access to resources by legitimate users plays a crucial role in providing a secure and hassle-free user experience in digital environments. The password remains the major authentication mechanism, though it has various drawbacks, such as leakage due to phishing and shoulder surfing. This paper proposes two stronger transformations of the password, termed “PassContext” and “PassActions”, which attempt to overcome the vulnerabilities of the plain-text password by harnessing the intricacies of human–computer interaction. PassContext incorporates hardware- and software-oriented context information along with the keyed-in password text during the verification process to provide improved authentication. PassActions transforms the password from a text-only representation into a dynamic user interaction sequence, which improves the strength of the password significantly. The proposed model incorporates methodologies to represent PassContext and PassActions for both validation and persistence purposes. The prototype implementations of PassContext and PassActions are evaluated with a suite of thirteen proposed measures, with a system usability survey (SUS) for usability analysis, and with a well-established comparative framework.
