Exploring the Guessability of image passwords using verbal descriptions

Soumyadeb Chowdhury, Ron Poet, Lewis Mackenzie

Research output: Chapter in Book/Published conference outputConference publication

Abstract

One claimed advantage of the image passwords used in recognition based graphical authentication systems (RBGSs) over text passwords is that they cannot be written down or verbally disclosed. However, there is no empirical evidence to support this claim. In this paper, we present the first published comparison of the vulnerability of four different image types -Mikon, doodle, art and everyday object images to verbal/spoken descriptions, when used as passwords in RBGS. This paper considers one of the human factors in security i.e. password sharing through spoken descriptions. The user study conducted with 126 participants (56 callers/ describer and 70 listeners/ attacker) measures how easy it is for an attacker to guess a password in a RBGS, if the passwords are verbally described. The experimental set up is a two way dialogue between a caller and a listener over telephone using repeated measures protocol, which measures mean successful login percentage. The results of the study show the object images to be most guessable, and doodles follow close behind. Mikon images are less guessable than doodle followed by art images, which are the least guessable. We believe that unless, the human factors in security like the one considered in this paper is taken into account, the RBGSs will always look secure on paper, but fail in practice.
Original languageEnglish
Title of host publication2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
PublisherIEEE
Pages768-775
Number of pages8
ISBN (Print)978-0-7695-5022-0
DOIs
Publication statusPublished - 2013
Event12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications: 11th IEEE International Symposium on Parallel and Distributed Processing with Applications / 12th IEEE International Conference on Ubiquitous Computing and Communications - Melbourne, Australia
Duration: 16 Jul 201318 Jul 2013

Conference

Conference12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications
Abbreviated titleTrustCom 2013 / ISPA-13 / IUCC-2013
Country/TerritoryAustralia
CityMelbourne
Period16/07/1318/07/13

Fingerprint

Dive into the research topics of 'Exploring the Guessability of image passwords using verbal descriptions'. Together they form a unique fingerprint.

Cite this