Abstract
One claimed advantage of the image passwords used in recognition based graphical authentication systems (RBGSs) over text passwords is that they cannot be written down or verbally disclosed. However, there is no empirical evidence to support this claim. In this paper, we present the first published comparison of the vulnerability of four different image types -Mikon, doodle, art and everyday object images to verbal/spoken descriptions, when used as passwords in RBGS. This paper considers one of the human factors in security i.e. password sharing through spoken descriptions. The user study conducted with 126 participants (56 callers/ describer and 70 listeners/ attacker) measures how easy it is for an attacker to guess a password in a RBGS, if the passwords are verbally described. The experimental set up is a two way dialogue between a caller and a listener over telephone using repeated measures protocol, which measures mean successful login percentage. The results of the study show the object images to be most guessable, and doodles follow close behind. Mikon images are less guessable than doodle followed by art images, which are the least guessable. We believe that unless, the human factors in security like the one considered in this paper is taken into account, the RBGSs will always look secure on paper, but fail in practice.
Original language | English |
---|---|
Title of host publication | 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications |
Publisher | IEEE |
Pages | 768-775 |
Number of pages | 8 |
ISBN (Print) | 978-0-7695-5022-0 |
DOIs | |
Publication status | Published - 2013 |
Event | 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications: 11th IEEE International Symposium on Parallel and Distributed Processing with Applications / 12th IEEE International Conference on Ubiquitous Computing and Communications - Melbourne, Australia Duration: 16 Jul 2013 → 18 Jul 2013 |
Conference
Conference | 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications |
---|---|
Abbreviated title | TrustCom 2013 / ISPA-13 / IUCC-2013 |
Country/Territory | Australia |
City | Melbourne |
Period | 16/07/13 → 18/07/13 |