extended-abstract

A security assessment of tiles: a new portfolio-based graphical authentication system

Authors:

Patrick OlivierAuthors Info & Claims

CHI EA '12: CHI '12 Extended Abstracts on Human Factors in Computing Systems

Pages 1967 - 1972

https://doi.org/10.1145/2212776.2223737

Published: 05 May 2012 Publication History

Get Access

Abstract

In this paper we propose Tiles, a graphical authentication system in which users are assigned a target image and subsequently asked to select segments of that image. We assess the extent to which this system provides protection against two security threats: observation attacks and sharing of authentication credentials in two laboratory-based studies. We note some of the vulnerabilities of the new system but provide evidence that automated manipulation of the similarity of the decoy images can help mitigate the threat from verbal sharing and observation attacks.

References

[1]

Angeli, A. De, Coutts, M., Coventry, L., Johnson, G., Cameron, D., and Fischer, M. VIP: a visual approach to user authentication. In Proc. of AVI (2002), 316--323.

Digital Library

Google Scholar

[2]

Baddeley, A. Human Memory: Theory and Practice. Psychology Press, 1997.

Google Scholar

[3]

Dunphy, P., Heiner, A., and Asokan, N. A closer look at recognition-based graphical passwords on mobile devices. In Proc. of SOUPS (2010).

Digital Library

Google Scholar

[4]

Dunphy, P., Nicholson, J., and Olivier, P. L. Securing Passfaces for Description. In Proc. Of SOUPS (2008), 24--35.

Digital Library

Google Scholar

[5]

Florencio, D. and Herley, C. A large-scale study of web password habits. In Proc. of WWW (2007), 657--666.

Digital Library

Google Scholar

[6]

Sasse, M. A., Brostoff, S., and Weirich, D. Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technology Journal 19, 3 (2001), 122--131.

Digital Library

Google Scholar

[7]

Tari, F., Ozok, A., and Holden, S. H. A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In Proc. of SOUPS (2006), 56--66.

Digital Library

Google Scholar

[8]

Tullis, T. S. and Tedesco, D. P. Using personal photos as pictorial passwords. In Proc. of CHI (2005), 1841--1844.

Digital Library

Google Scholar

[9]

Tullis, T. S., Tedesco, D. P., and McCaffrey, K. E. Can users remember their pictorial passwords six years later. In Proc. of CHI (2011), 1789--1794.

Digital Library

Google Scholar

[10]

Wiedenbeck, S., Waters, J., Sobrado, L., and Birget, J. Design and evaluation of a shoulder-surfing resistant graphical password scheme. In Proc. of AVI (2006), 177--184.

Digital Library

Google Scholar

Cited By

View all

Germanakos PBelk MGermanakos PBelk M(2016)The Usable Security CaseHuman-Centred Web Adaptation and Personalization10.1007/978-3-319-28050-9_8(287-330)Online publication date: 20-Feb-2016
https://doi.org/10.1007/978-3-319-28050-9_8
Mangle APatel S(2014)Issues in user authentication using security questionsInternational Journal of Information and Computer Security10.1504/IJICS.2014.0681006:4(383-407)Online publication date: 1-Mar-2014
https://dl.acm.org/doi/10.1504/IJICS.2014.068100
Schaub FWalch MKönings BWeber MBauer LBeznosov KCranor L(2013)Exploring the design space of graphical passwords on smartphonesProceedings of the Ninth Symposium on Usable Privacy and Security10.1145/2501604.2501615(1-14)Online publication date: 24-Jul-2013
https://dl.acm.org/doi/10.1145/2501604.2501615
Show More Cited By

Index Terms

A security assessment of tiles: a new portfolio-based graphical authentication system
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords
SOUPS '06: Proceedings of the second symposium on Usable privacy and security

Previous research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased ...
Design and evaluation of a shoulder-surfing resistant graphical password scheme
AVI '06: Proceedings of the working conference on Advanced visual interfaces

When users input their passwords in a public place, they may be at risk of attackers stealing their password. An attacker can capture a password by direct observation or by recording the individual's authentication session. This is referred to as ...
Towards Baselines for Shoulder Surfing on Mobile Authentication
ACSAC '17: Proceedings of the 33rd Annual Computer Security Applications Conference

Given the nature of mobile devices and unlock procedures, unlock authentication is a prime target for credential leaking via shoulder surfing, a form of an observation attack. While the research community has investigated solutions to minimize or ...

Comments

Information & Contributors

Information

Published In

CHI EA '12: CHI '12 Extended Abstracts on Human Factors in Computing Systems

May 2012

2864 pages

ISBN:9781450310161

DOI:10.1145/2212776

General Chair:
Joseph A. Konstan
University of Minnesota
,
Program Chairs:
Ed H. Chi
Google
,
Kristina Höök
Mobile Life at KTH

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 May 2012

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Extended-abstract

Conference

CHI '12

Sponsor:

SIGCHI

CHI '12: CHI Conference on Human Factors in Computing Systems

May 5 - 10, 2012

Texas, Austin, USA

Acceptance Rates

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
331
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Germanakos PBelk MGermanakos PBelk M(2016)The Usable Security CaseHuman-Centred Web Adaptation and Personalization10.1007/978-3-319-28050-9_8(287-330)Online publication date: 20-Feb-2016
https://doi.org/10.1007/978-3-319-28050-9_8
Mangle APatel S(2014)Issues in user authentication using security questionsInternational Journal of Information and Computer Security10.1504/IJICS.2014.0681006:4(383-407)Online publication date: 1-Mar-2014
https://dl.acm.org/doi/10.1504/IJICS.2014.068100
Schaub FWalch MKönings BWeber MBauer LBeznosov KCranor L(2013)Exploring the design space of graphical passwords on smartphonesProceedings of the Ninth Symposium on Usable Privacy and Security10.1145/2501604.2501615(1-14)Online publication date: 24-Jul-2013
https://dl.acm.org/doi/10.1145/2501604.2501615
Dunphy POlivier PZakon R(2012)On automated image choice for secure and usable graphical passwordsProceedings of the 28th Annual Computer Security Applications Conference10.1145/2420950.2420965(99-108)Online publication date: 3-Dec-2012
https://dl.acm.org/doi/10.1145/2420950.2420965

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

Design and evaluation of a shoulder-surfing resistant graphical password scheme

Towards Baselines for Shoulder Surfing on Mobile Authentication