research-article

Better, Funner, Stronger: A Gameful Approach to Nudge People into Making Less Predictable Graphical Password Choices

Authors:

George E. Raptis,

Christina Katsini,

Andrew Jian-lan Cen,

Nalin Asanka Gamagedara Arachchilage,

Lennart E. NackeAuthors Info & Claims

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

Article No.: 112, Pages 1 - 17

https://doi.org/10.1145/3411764.3445658

Published: 07 May 2021 Publication History

Abstract

Graphical user authentication (GUA) is a common alternative to text-based user authentication, where people are required to draw graphical passwords on background images. Such schemes are theoretically considered remarkably secure because they offer a large password space. However, people tend to create their passwords on salient image areas introducing high password predictability. Aiming to help people use the password space more effectively, we propose a gameful password creation process. In this paper, we present GamePass, a gamified mechanism that integrates the GUA password creation process. We provide the first evidence that it is possible to nudge people towards better password choices by gamifying the process. GamePass randomly guides participants’ attention to areas other than the salient areas of authentication images, makes the password creation process more fun, and people are more engaged. Gamifying the password creation process enables users to interact better and make less predictable graphical password choices instead of being forced to use a strict password policy.

References

[1]

Florian Alt, Mateusz Mikusz, Stefan Schneegass, and Andreas Bulling. 2016. Memorability of Cued-recall Graphical Passwords with Saliency Masks. In Proceedings of the 15th International Conference on Mobile and Ubiquitous Multimedia (Rovaniemi, Finland) (MUM ’16). ACM, New York, NY, USA, 191–200. https://doi.org/10.1145/3012709.3012730

Digital Library

[2]

Florian Alt, Stefan Schneegass, Alireza Sahami Shirazi, Mariam Hassib, and Andreas Bulling. 2015. Graphical Passwords in the Wild: Understanding How Users Choose Pictures and Passwords in Image-based Authentication Schemes. In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services (Copenhagen, Denmark) (MobileHCI ’15). ACM, New York, NY, USA, 316–322. https://doi.org/10.1145/2785830.2785882

Digital Library

[3]

Joni A. Amorim, Maurice Hendrix, Sten F. Andler, and Per M. Gustavsson. 2013. Gamified Training for Cyber Defence: Methods and Automated Tools for Situation and Threat Assessment. In NATO Modelling and Simulation Group (MSG) Annual Conference 2013 (MSG-111), 2013. NATO Modelling and Simulation Group.

[4]

Erik Andersen, Eleanor O’Rourke, Yun-En Liu, Rich Snider, Jeff Lowdermilk, David Truong, Seth Cooper, and Zoran Popovic. 2012. The Impact of Tutorials on Games of Varying Complexity. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). ACM, New York, NY, USA, 59–68. https://doi.org/10.1145/2207676.2207687

Digital Library

[5]

Nalin AG Arachchilage, Ivan Flechais, and Konstantin Beznosov. 2014. A Game Storyboard Design for Avoiding Phishing Attacks. In Proceedings of the 11th Symposium On Usable Privacy and Security (SOUPS). SOUPS, Menlo Park, CA, USA, 2.

[6]

Nalin Asanka Gamagedara Arachchilage and Steve Love. 2014. Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior 38 (2014), 304–312.

Digital Library

[7]

Nalin Asanka Gamagedara Arachchilage, Steve Love, and Konstantin Beznosov. 2016. Phishing threat avoidance behaviour: An empirical investigation. Computers in Human Behavior 60 (2016), 185–197.

Digital Library

[8]

Abdul Ashraf and Ron Poet. 2019. Is It Better to Choose Seen or Unseen Distracters for Graphical Passwords. In Proceedings of the 12th International Conference on Security of Information and Networks(Sochi, Russia) (SIN ’19). Association for Computing Machinery, New York, NY, USA, Article 28, 4 pages. https://doi.org/10.1145/3357613.3357642

Digital Library

[9]

Gabriel Barata, Sandra Gama, Joaquim A.P. Jorge, and Daniel J.V. Gonçalves. 2014. Relating Gaming Habits with Student Performance in a Gamified Learning Experience. In Proceedings of the First ACM SIGCHI Annual Symposium on Computer-human Interaction in Play(Toronto, Ontario, Canada) (CHI PLAY ’14). ACM, New York, NY, USA, 17–25. https://doi.org/10.1145/2658537.2658692

Digital Library

[10]

Robert Biddle, Sonia Chiasson, and P.C. Van Oorschot. 2012. Graphical Passwords: Learning from the First Twelve Years. ACM Comput. Surv. 44, 4, Article 19 (Sept. 2012), 41 pages. https://doi.org/10.1145/2333112.2333114

Digital Library

[11]

Basak Bilgi and Bulent Tugrul. 2018. A Shoulder-Surfing Resistant Graphical Authentication Method. In 2018 International Conference on Artificial Intelligence and Data Processing (IDAP). IEEE, USA, 1–4.

[12]

Ivo Blohm and Jan Marco Leimeister. 2013. Design of IT-Based Enhancing Services for Motivational Support and Behavioral Change. Business & Information Systems Engineering, 5, 275-278.

[13]

K Boopathi, S Sreejith, and A Bithin. 2015. Learning cyber security through gamification. Indian Journal of Science and Technology 8, 7 (2015), 642–649.

[14]

Sacha Brostoff and M Angela Sasse. 2000. Are Passfaces more usable than passwords? A field trial investigation. In People and Computers XIV—Usability or Else!Springer, 405–424.

[15]

Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2012. Increasing the Security of Gaze-based Cued-recall Graphical Passwords Using Saliency Masks. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). ACM, New York, NY, USA, 3011–3020. https://doi.org/10.1145/2207676.2208712

Digital Library

[16]

Zoya Bylinskii, Tilke Judd, Ali Borji, Laurent Itti, Frédo Durand, Aude Oliva, and Antonio Torralba. [n.d.]. MIT Saliency Benchmark. http://saliency.mit.edu/.

[17]

Ashley A. Cain and Jeremiah D. Still. 2019. Graphical Authentication Passcode Memorability: Context, Length, and Number. Proceedings of the Human Factors and Ergonomics Society Annual Meeting 63, 1 (Nov. 2019), 447–451. https://doi.org/10.1177/1071181319631077

[18]

Nilesh Chakraborty and Samrat Mondal. 2020. On Designing an Unaided Authentication Service with Threat Detection and Leakage Control for Defeating Opportunistic Adversaries. Frontiers of Computer Science 15, 2 (Oct. 2020). https://doi.org/10.1007/s11704-019-9134-9

Digital Library

[19]

Ivan Cherapau, Ildar Muslukhov, Nalin Asanka Gamagedara Arachchilage, and Konstantin Beznosov. 2015. On the Impact of Touch ID on iPhone Passcodes. In SOUPS. 257–276.

[20]

Sonia Chiasson, Alain Forget, Robert Biddle, and P. C. van Oorschot. 2008. Influencing Users Towards Better Passwords: Persuasive Cued Click-points. In Proceedings of the 22Nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction - Volume 1 (Liverpool, United Kingdom) (BCS-HCI ’08). British Computer Society, Swinton, UK, UK, 121–130. http://dl.acm.org/citation.cfm?id=1531514.1531531

[21]

Sonia Chiasson, Alain Forget, Elizabeth Stobert, P. C. van Oorschot, and Robert Biddle. 2009. Multiple Password Interference in Text Passwords and Click-based Graphical Passwords. In Proceedings of the 16th ACM Conference on Computer and Communications Security (Chicago, Illinois, USA) (CCS ’09). ACM, New York, NY, USA, 500–511. https://doi.org/10.1145/1653662.1653722

Digital Library

[22]

Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle, and Paul C Van Oorschot. 2012. Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. IEEE Transactions on Dependable and Secure Computing 9, 2 (2012), 222–235.

Digital Library

[23]

Sonia Chiasson, Paul C Van Oorschot, and Robert Biddle. 2007. Graphical password authentication using cued click points. In European Symposium on Research in Computer Security. Springer, 359–374.

[24]

Gradeigh D. Clark, Janne Lindqvist, and Antti Oulasvirta. 2017. Composition Policies for Gesture Passwords: User Choice, Security, Usability and Memorability. In 2017 IEEE Conference on Communications and Network Security (CNS). 1–9. https://doi.org/10.1109/CNS.2017.8228644

[25]

Argyris Constantinides, Anna Maria Pietron, Marios Belk, Christos Fidas, Ting Han, and Andreas Pitsillides. 2020. A Cross-cultural Perspective for Personalizing Picture Passwords. In Proceedings of the 28th ACM Conference on User Modeling, Adaptation and Personalization. ACM. https://doi.org/10.1145/3340631.3394859

Digital Library

[26]

Adrian Dabrowski, Markus Kammerstetter, Eduard Thamm, Edgar Weippl, and Wolfgang Kastner. 2015. Leveraging Competitive Gamification for Sustainable Fun and Profit in Security Education. In 2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15). USENIX Association, Washington, D.C.https://www.usenix.org/conference/3gse15/summit-program/presentation/dabrowski

[27]

Sauvik Das, David Lu, Taehoon Lee, Joanne Lo, and Jason I. Hong. 2019. The Memory Palace. In Proceedings of the 32nd Annual ACM Symposium on User Interface Software and Technology. ACM. https://doi.org/10.1145/3332165.3347917

Digital Library

[28]

Antonella De Angeli, Mike Coutts, Lynne Coventry, Graham I. Johnson, David Cameron, and Martin H. Fischer. 2002. VIP: A Visual Approach to User Authentication. In Proceedings of the Working Conference on Advanced Visual Interfaces (Trento, Italy) (AVI ’02). Association for Computing Machinery, New York, NY, USA, 316–323. https://doi.org/10.1145/1556262.1556312

Digital Library

[29]

Ciaran J Deasy, Katherine R Farmer, Andrew J Seymour, and Liam A White. 2018. User Authentication. US Patent App. 15/423,824.

[30]

Sebastian Deterding, Dan Dixon, Rilla Khaled, and Lennart Nacke. 2011. From Game Design Elements to Gamefulness: Defining ”Gamification”. In Proceedings of the 15th International Academic MindTrek Conference: Envisioning Future Media Environments (Tampere, Finland) (MindTrek ’11). ACM, New York, NY, USA, 9–15. https://doi.org/10.1145/2181037.2181040

Digital Library

[31]

Rachna Dhamija, Adrian Perrig, 2000. Deja Vu-A User Study: Using Images for Authentication. In USENIX Security Symposium, Vol. 9. 4–4.

[32]

Nicholas Diakopoulos, Funda Kivran-Swaine, and Mor Naaman. 2011. Playable Data: Characterizing the Design Space of Game-y Infographics. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vancouver, BC, Canada) (CHI ’11). ACM, New York, NY, USA, 1717–1726. https://doi.org/10.1145/1978942.1979193

Digital Library

[33]

Casey Dugan, Michael Muller, David R. Millen, Werner Geyer, Beth Brownholtz, and Marty Moore. 2007. The Dogear Game: A Social Bookmark Recommender System. In Proceedings of the 2007 International ACM Conference on Supporting Group Work (Sanibel Island, Florida, USA) (GROUP ’07). ACM, New York, NY, USA, 387–390. https://doi.org/10.1145/1316624.1316683

Digital Library

[34]

Paul Dunphy and Jeff Yan. 2007. Do Background Images Improve ”Draw a Secret” Graphical Passwords?. In Proceedings of the 14th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA) (CCS ’07). ACM, New York, NY, USA, 36–47. https://doi.org/10.1145/1315245.1315252

Digital Library

[35]

Frank Ebbers and Philipp Brune. 2016. The Authentication Game-Secure User Authentication by Gamification?. In International Conference on Advanced Information Systems Engineering. Springer, 101–115.

[36]

Malin Eiband, Mohamed Khamis, Emanuel von Zezschwitz, Heinrich Hussmann, and Florian Alt. 2017. Understanding Shoulder Surfing in the Wild. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. ACM. https://doi.org/10.1145/3025453.3025636

Digital Library

[37]

M. Everingham, L. Van Gool, C. K. I. Williams, J. Winn, and A. Zisserman. 2012. The PASCAL Visual Object Classes Challenge 2012 (VOC2012) Results. http://www.pascal-network.org/challenges/VOC/voc2012/workshop/index.html.

[38]

Dinei Florencio and Cormac Herley. 2007. A Large-scale Study of Web Password Habits. In Proceedings of the 16th International Conference on World Wide Web (Banff, Alberta, Canada) (WWW ’07). ACM, New York, NY, USA, 657–666. https://doi.org/10.1145/1242572.1242661

Digital Library

[39]

Ayelet Gal-Oz and Oren Zuckerman. 2015. Embracing Cheating in Gamified Fitness Applications. In Proceedings of the 2015 Annual Symposium on Computer-Human Interaction in Play (London, United Kingdom) (CHI PLAY ’15). ACM, New York, NY, USA, 535–540. https://doi.org/10.1145/2793107.2810298

Digital Library

[40]

Jacqueline Gaston and Seth Cooper. 2017. To Three or Not to Three: Improving Human Computation Game Onboarding with a Three-Star System. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI ’17). ACM, New York, NY, USA, 5034–5039. https://doi.org/10.1145/3025453.3025997

Digital Library

[41]

Maximilian Golla, Björn Hahn, Karsten Meyer zu Selhausen, Henry Hosseini, and Markus Dürmuth. 2018. Bars, Badges, and High Scores: On the Impact of Password Strength Visualizations. (2018).

[42]

Yimin Guo, Zhenfeng Zhang, and Yajun Guo. 2019. Optiwords: A new password policy for creating memorable and strong passwords. Computers & Security 85 (Aug. 2019), 423–435. https://doi.org/10.1016/j.cose.2019.05.015

Digital Library

[43]

Shivashankar Halan, Brent Rossen, Juan Cendan, and Benjamin Lok. 2010. High Score! - Motivation Strategies for User Participation in Virtual Human Development. In Intelligent Virtual Agents, Jan Allbeck, Norman Badler, Timothy Bickmore, Catherine Pelachaud, and Alla Safonova (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 482–488. https://doi.org/10.1007/978-3-642-15892-6_52

[44]

Sundas Hanif, Fahad Sohail, Aneeqa Tariq Shehrbano, and Muhammad Imran Babar. 2019. A New Shoulder Surfing and Mobile Key-Logging Resistant Graphical Password Scheme for Smart-Held Devices. Editorial Preface From the Desk of Managing Editor… 10, 9 (2019).

[45]

Johannes Harms, Dominik Seitz, Christoph Wimmer, Karin Kappel, and Thomas Grechenig. 2015. Low-Cost Gamification of Online Surveys: Improving the User Experience Through Achievement Badges. In Proceedings of the 2015 Annual Symposium on Computer-Human Interaction in Play (London, United Kingdom) (CHI PLAY ’15). ACM, New York, NY, USA, 109–113. https://doi.org/10.1145/2793107.2793146

Digital Library

[46]

Cormac Herley and Paul van Oorschot. 2012. A Research Agenda Acknowledging the Persistence of Passwords. IEEE Security Privacy 10, 1 (Jan. 2012), 28–36. https://doi.org/10.1109/MSP.2011.150

[47]

John M. D. Hill, Clark K. Ray, Jean R. S. Blair, and Curtis A. Carver, Jr.2003. Puzzles and Games: Addressing Different Learning Styles in Teaching Operating Systems Concepts. SIGCSE Bull. 35, 1 (Jan. 2003), 182–186. https://doi.org/10.1145/792548.611964

Digital Library

[48]

Tahir Musa Ibrahim, Shafi'i Muhammad Abdulhamid, Ala Abdusalam Alarood, Haruna Chiroma, Mohammed Ali Al-garadi, Nadim Rana, Amina Nuhu Muhammad, Adamu Abubakar, Khalid Haruna, and Lubna A. Gabralla. 2019. Recent advances in mobile touch screen security authentication methods: A systematic literature review. Computers & Security 85 (Aug. 2019), 1–24. https://doi.org/10.1016/j.cose.2019.04.008

Digital Library

[49]

Gokul Chettoor Jayakrishnan, Gangadhara Reddy Sirigireddy, Sukanya Vaddepalli, Vijayanand Banahatti, Sachin Premsukh Lodha, and Sankalp Suneel Pandit. 2020. Passworld: A Serious Game to Promote Password Awareness and Diversity in an Enterprise. In Sixteenth Symposium on Usable Privacy and Security (SOUPS 2020). USENIX Association, 1–18. https://www.usenix.org/conference/soups2020/presentation/jayakrishnan

[50]

IH Jermyn, Alain Mayer, Fabian Monrose, Michael K Reiter, and Aviel D Rubin. 1999. The design and analysis of graphical passwords.USENIX Association.

Digital Library

[51]

Korey Johnson and Steffen Werner. 2007. Memorability of Alphanumeric and Composite Scene Authentication (CSA) Passcodes Over Extended Retention Intervals. Proceedings of the Human Factors and Ergonomics Society Annual Meeting 51, 5 (Oct. 2007), 434–438. https://doi.org/10.1177/154193120705100502

[52]

Junya Kani and Masakatsu Nishigaki. 2013. Gamified captcha. In International conference on human aspects of information security, privacy, and trust. Springer, 39–48.

[53]

Dennis L. Kappen and Lennart E. Nacke. 2013. The Kaleidoscope of Effective Gamification: Deconstructing Gamification in Business Applications. In Proceedings of the First International Conference on Gameful Design, Research, and Applications (Toronto, Ontario, Canada) (Gamification ’13). Association for Computing Machinery, New York, NY, USA, 119–122. https://doi.org/10.1145/2583008.2583029

Digital Library

[54]

Stylianos Karagiannis, Thanos Papaioannou, Emmanouil Magkos, and Aggeliki Tsohou. 2020. Game-Based Information Security/Privacy Education and Awareness: Theory and Practice. In Information Systems. Springer International Publishing, 509–525. https://doi.org/10.1007/978-3-030-63396-7_34

[55]

Christina Katsini, Yasmeen Abdrabou, George E. Raptis, Mohamed Khamis, and Florian Alt. 2020. The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions. In Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems (Honolulu, HI, USA) (CHI ’20). Association for Computing Machinery, New York, NY, USA, 1–21. https://doi.org/10.1145/3313831.3376840

Digital Library

[56]

Christina Katsini, Nikolaos Avouris, and Christos Fidas. 2019. CogniPGA: Longitudinal Evaluation of Picture Gesture Authentication with Cognition-Based Intervention. i-com 18, 3 (Nov. 2019), 237–257. https://doi.org/10.1515/icom-2019-0011

[57]

Christina Katsini, Marios Belk, Christos Fidas, Nikolaos Avouris, and George Samaras. 2016. Security and Usability in Knowledge-Based User Authentication: A Review. In Proceedings of the 20th Pan-Hellenic Conference on Informatics (Patras, Greece) (PCI ’16). Association for Computing Machinery, New York, NY, USA, Article 63, 6 pages. https://doi.org/10.1145/3003733.3003764

Digital Library

[58]

Christina Katsini, Christos Fidas, George E. Raptis, Marios Belk, George Samaras, and Nikolaos Avouris. 2018. Influences of Human Cognition and Visual Behavior on Password Strength during Picture Password Composition. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems (Montreal QC, Canada) (CHI ’18). Association for Computing Machinery, New York, NY, USA, 1–14. https://doi.org/10.1145/3173574.3173661

Digital Library

[59]

Christina Katsini, George E. Raptis, Christos Fidas, and Nikolaos Avouris. 2018. Does Image Grid Visualization Affect Password Strength and Creation Time in Graphical Authentication?. In Proceedings of the 2018 International Conference on Advanced Visual Interfaces (Castiglione della Pescaia, Grosseto, Italy) (AVI ’18). ACM, New York, NY, USA, Article 33, 5 pages. https://doi.org/10.1145/3206505.3206546

Digital Library

[60]

Mohamed Khamis, Mariam Hassib, Emanuel von Zezschwitz, Andreas Bulling, and Florian Alt. 2017. GazeTouchPIN: Protecting Sensitive Data on Mobile Devices Using Secure Multimodal Authentication. In Proceedings of the 19th ACM International Conference on Multimodal Interaction (Glasgow, UK) (ICMI ’17). Association for Computing Machinery, New York, NY, USA, 446–450. https://doi.org/10.1145/3136755.3136809

Digital Library

[61]

Khalil Klouche, Tuukka Ruotsalo, Diogo Cabral, Salvatore Andolina, Andrea Bellucci, and Giulio Jacucci. 2015. Designing for Exploratory Search on Touch Devices. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). ACM, New York, NY, USA, 4189–4198. https://doi.org/10.1145/2702123.2702489

Digital Library

[62]

Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman. 2011. Of Passwords and People: Measuring the Effect of Password-composition Policies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vancouver, BC, Canada) (CHI ’11). ACM, New York, NY, USA, 2595–2604. https://doi.org/10.1145/1978942.1979321

Digital Library

[63]

Christien Kroeze and Martin S Olivier. 2012. Gamifying authentication. In ISSA. 1–8.

[64]

Matthias Kümmerer, Thomas S. A. Wallis, Leon A. Gatys, and Matthias Bethge. 2017. Understanding Low- and High-Level Contributions to Fixation Prediction. 2017 IEEE International Conference on Computer Vision (ICCV) (2017), 4799–4808.

[65]

Lukas Mecke, Sarah Delgado Rodriguez, Daniel Buschek, Sarah Prange, and Florian Alt. 2019. Communicating Device Confidence Level and Upcoming Re-Authentications in Continuous Authentication Systems on Mobile Devices. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA. https://www.usenix.org/conference/soups2019/presentation/mecke-confidence

[66]

Weizhi Meng, Wenjuan Li, Lam-For Kwok, and Kim-Kwang Raymond Choo. 2017. Towards enhancing click-draw based graphical passwords using multi-touch behaviours on smartphones. Computers & Security 65 (March 2017), 213–229. https://doi.org/10.1016/j.cose.2016.11.010

Digital Library

[67]

Weizhi Meng, Liqiu Zhu, Wenjuan Li, Jinguang Han, and Yan Li. 2019. Enhancing the security of FinTech applications with map-based graphical password authentication. Future Generation Computer Systems 101 (Dec. 2019), 1018–1027. https://doi.org/10.1016/j.future.2019.07.038

Digital Library

[68]

Nicholas Micallef and Nalin Asanka Gamagedara Arachchilage. 2018. Security Questions Education: Exploring Gamified Features and Functionalities. Information & Computer Securityjust-accepted (2018), 00–00.

[69]

Stephan Neumann, Benjamin Reinheimer, and Melanie Volkamer. 2017. Don’t Be Deceived: The Message Might Be Fake. In International Conference on Trust and Privacy in Digital Business. Springer International Publishing, Lyon, France, 199–214.

[70]

Heather O’Brien. and Paul Cairns. 2015. An empirical evaluation of the User Engagement Scale (UES) in online news environments. Information Processing & Management 51, 4 (2015), 413–427. https://doi.org/10.1016/j.ipm.2015.03.003

Digital Library

[71]

Heather L. O’Brien, Paul Cairns, and Mark Hall. 2018. A practical approach to measuring user engagement with the refined user engagement scale (UES) and new UES short form. International Journal of Human-Computer Studies 112 (2018), 28–39. https://doi.org/10.1016/j.ijhcs.2018.01.004

[72]

Jacques Ophoff and Frauke Dietz. 2019. Using Gamification to Improve Information Security Behavior: A Password Strength Experiment. In IFIP Advances in Information and Communication Technology. Springer International Publishing, 157–169. https://doi.org/10.1007/978-3-030-23451-5_12

[73]

Zach Pace. 2011. Signing in with a picture password. https://blogs.msdn.microsoft.com/b8/2011/12/16/signing-in-with-a-picture-password/

[74]

Joseph Redmon and Ali Farhadi. 2017. YOLO9000: better, faster, stronger. arXiv preprint (2017).

[75]

Chris Riley, Kathy Buckner, Graham Johnson, and David Benyon. 2009. Culture & biometrics: regional differences in the perception of biometric authentication technologies. AI & SOCIETY 24, 3 (June 2009), 295–306. https://doi.org/10.1007/s00146-009-0218-1

Digital Library

[76]

Amir Sadovnik and Tsuhan Chen. 2013. A Visual Dictionary Attack on Picture Passwords. In 2013 IEEE International Conference on Image Processing. IEEE, Piscataway, NJ, USA, 4447–4451. https://doi.org/10.1109/ICIP.2013.6738916

[77]

Rahul Saha, Riyanka Manna, and G Geetha. 2012. Captchino-a gamification of image-based captchas to evaluate usability issues. In 2012 International Conference on Computing Sciences. IEEE, USA, 95–99.

Digital Library

[78]

SM Udhaya Sankar and V Vijaya Chamundeeswari. 2014. JIGSPASSZLE: A Novel Jigsaw Based Password System Using Mouse Drag Dynamics. Middle-East Journal of Scientific Research 21, 11 (2014), 2039–2051.

[79]

Angela Sasse. 2015. Scaring and Bullying People into Security Won. IEEE Security & Privacy3 (2015), 80–83.

[80]

Florian Schaub, Ruben Deyhle, and Michael Weber. 2012. Password Entry Usability and Shoulder Surfing Susceptibility on Different Smartphone Platforms. In Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia (Ulm, Germany) (MUM ’12). Association for Computing Machinery, New York, NY, USA, Article 13, 10 pages. https://doi.org/10.1145/2406367.2406384

Digital Library

[81]

Z. Cliffe Schreuders and Emlyn Butterfield. 2016. Gamification for Teaching and Learning Computer Security in Higher Education. In 2016 USENIX Workshop on Advances in Security Education (ASE 16). USENIX Association, Austin, TX. https://www.usenix.org/conference/ase16/workshop-program/presentation/schreuders

[82]

Bruce Shelley. 2001. Guidelines for developing successful games. Gamasutra (August 2001), http://www.gamasutra.com (2001).

[83]

Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, and Elizabeth Nunge. 2007. Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish. In Proceedings of the 3rd Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’07). Association for Computing Machinery, New York, NY, USA, 88–99. https://doi.org/10.1145/1280680.1280692

Digital Library

[84]

Steven Sinofsky. 2011. Signing in with a picture password. https://blogs.msdn.microsoft.com/b8/2011/12/16/signing-in-with-a-picture-password/

[85]

Robert Speakman, Mark Michael Hall, and David Walsh. 2018. User Engagement with Generous Interfaces for Digital Cultural Heritage. In Digital Libraries for Open Knowledge, Eva Méndez, Fabio Crestani, Cristina Ribeiro, Gabriel David, and João Correia Lopes (Eds.). Springer International Publishing, Cham, 186–191. https://doi.org/10.1007/978-3-030-00066-0_16

[86]

Sharon T. Steinemann, Elisa D. Mekler, and Klaus Opwis. 2015. Increasing Donating Behavior Through a Game for Change: The Role of Interactivity and Appreciation. In Proceedings of the 2015 Annual Symposium on Computer-Human Interaction in Play (London, United Kingdom) (CHI PLAY ’15). ACM, New York, NY, USA, 319–329. https://doi.org/10.1145/2793107.2793125

Digital Library

[87]

Hector Suarez, Hooper Kincannon, and Li Yang. 2017. SSETGami: Secure Software Education Through Gamification. (2017).

[88]

H. Sun, S. Chen, J. Yeh, and C. Cheng. 2018. A Shoulder Surfing Resistant Graphical Authentication System. IEEE Transactions on Dependable and Secure Computing 15, 2 (2018), 180–193.

[89]

Huiping Sun, Ke Wang, Xu Li, Nan Qin, and Zhong Chen. 2015. PassApp: My App is My Password!. In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services (Copenhagen, Denmark) (MobileHCI ’15). Association for Computing Machinery, New York, NY, USA, 306–315. https://doi.org/10.1145/2785830.2785880

Digital Library

[90]

Julie Thorpe, Muath Al-Badawi, Brent MacRae, and Amirali Salehi-Abari. 2014. The Presentation Effect on Graphical Passwords. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Toronto, Ontario, Canada) (CHI ’14). Association for Computing Machinery, New York, NY, USA, 2947–2950. https://doi.org/10.1145/2556288.2557212

Digital Library

[91]

Julie Thorpe and Paul C van Oorschot. 2007. Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords. In USENIX Security Symposium, Vol. 8. 1–8.

[92]

Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015. ”I Added ’!’ at the End to Make It Secure”: Observing Password Creation in the Lab. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). USENIX Association, Ottawa, 123–140. https://www.usenix.org/conference/soups2015/proceedings/presentation/ur

[93]

Ankitha Vaddeti, Deepthi Vidiyala, Vineetha Puritipati, Raveendra Babu Ponnuru, Ji Sun Shin, and Goutham Reddy Alavalapati. 2020. Graphical passwords: Behind the attainment of goals. Security and Privacy 3, 6 (July 2020). https://doi.org/10.1002/spy2.125

[94]

MNM Van Lieshout and AJ Baddeley. 1996. A nonparametric measure of spatial interaction in point patterns. Statistica Neerlandica 50, 3 (1996), 344–361.

[95]

Paul van Oorschot, Amriali Salehi-Abari, and Julie Thorpe. 2010. Purely Automated Attacks on PassPoints-Style Graphical Passwords. IEEE Transactions on Information Forensics and Security 5, 3 (Sept. 2010), 393–405. https://doi.org/10.1109/TIFS.2010.2053706

Digital Library

[96]

Emanuel von Zezschwitz, Malin Eiband, Daniel Buschek, Sascha Oberhuber, Alexander De Luca, Florian Alt, and Heinrich Hussmann. 2016. On Quantifying the Effective Password Space of Grid-Based Unlock Gestures. In Proceedings of the 15th International Conference on Mobile and Ubiquitous Multimedia(Rovaniemi, Finland) (MUM ’16). Association for Computing Machinery, New York, NY, USA, 201–212. https://doi.org/10.1145/3012709.3012729

Digital Library

[97]

Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. 2005. Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice. In Proceedings of the 2005 Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’05). ACM, New York, NY, USA, 1–12. https://doi.org/10.1145/1073001.1073002

Digital Library

[98]

Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy, and Nasir Memon. 2005. PassPoints: Design and longitudinal evaluation of a graphical password system. International journal of human-computer studies 63, 1-2 (2005), 102–127.

Digital Library

[99]

Nur Haryani Zakaria, David Griffiths, Sacha Brostoff, and Jeff Yan. 2011. Shoulder Surfing Defence for Recall-Based Graphical Passwords. In Proceedings of the Seventh Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania) (SOUPS ’11). Association for Computing Machinery, New York, NY, USA, Article 6, 12 pages. https://doi.org/10.1145/2078827.2078835

Digital Library

[100]

Ziming Zhao, Gail-Joon Ahn, and Hongxin Hu. 2015. Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation. ACM Trans. Inf. Syst. Secur. 17, 4, Article 14 (April 2015), 37 pages. https://doi.org/10.1145/2701423

Digital Library

[101]

Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu. 2013. On the Security of Picture Gesture Authentication. In Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13). USENIX, Washington, D.C., 383–398. https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/zhao

[102]

Huadi Zhu, Wenqiang Jin, Mingyan Xiao, Srinivasan Murali, and Ming Li. 2020. BlinKey: A Two-Factor User Authentication Method for Virtual Reality Devices. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 4, 4, Article 164 (Dec. 2020), 29 pages. https://doi.org/10.1145/3432217

Digital Library

[103]

Ye Zhu, Jonathan Gurary, George Corser, Jared Oluoch, Nahed Alnahash, Huirong Fu, and Junhua Tang. 2018. CMAPS: A Chess-Based Multi-Facet Password Scheme for Mobile Devices. IEEE Access 6(2018), 54795–54810. https://doi.org/10.1109/access.2018.2872772

[104]

Mengdie Zhuang, Gianluca Demartini, and Elaine G. Toms. 2017. Understanding Engagement Through Search Behaviour. In Proceedings of the 2017 ACM on Conference on Information and Knowledge Management (Singapore, Singapore) (CIKM ’17). ACM, New York, NY, USA, 1957–1966. https://doi.org/10.1145/3132847.3132978

Digital Library

Cited By

Lewis BKirupaharan PRanalli TVenkatasubramanian K(2024)A3C: An Image-Association-Based Computing Device Authentication Framework for People with Upper Extremity ImpairmentsACM Transactions on Accessible Computing10.1145/365252217:2(1-37)Online publication date: 28-May-2024
https://dl.acm.org/doi/10.1145/3652522
Harteveld CJavvaji NMohaddesi OKleinman EDaniels KJackson DTroiano G(2024)RePresent: Enabling Access to Justice for Pro Se Litigants via Co-Authored Serious GamesProceedings of the 2024 ACM Designing Interactive Systems Conference10.1145/3643834.3661632(3225-3242)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3643834.3661632
Wang K(2024)A Random and Unselectable Graphic Password Scheme2024 IEEE 7th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC)10.1109/IAEAC59436.2024.10503722(41-46)Online publication date: 15-Mar-2024
https://doi.org/10.1109/IAEAC59436.2024.10503722
Show More Cited By

Index Terms

Better, Funner, Stronger: A Gameful Approach to Nudge People into Making Less Predictable Graphical Password Choices

Index terms have been assigned to the content through auto-classification.

Recommendations

Eye-GUAna: Higher Gaze-Based Entropy and Increased Password Space in Graphical User Authentication Through Gamification
ETRA '21 Short Papers: ACM Symposium on Eye Tracking Research and Applications

Graphical user authentication (GUA) is a common alternative to text-based user authentication, where people are required to draw graphical passwords on background images. Recent research provides evidence that gamification of the graphical password ...
Pocket Password Book (Password): A discreet internet password organizer
Password Book: Password Journal / Password Organizer / Password Keeper / Internet Usernames and Passwords / Internet Password Logbook A Passkey Log ... seamless pattern collection) (Volume 48)

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI '21: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems

May 2021

10862 pages

ISBN:9781450380966

DOI:10.1145/3411764

General Chairs:
Yoshifumi Kitamura
Tohoku University, Japan
,
Aaron Quigley
University of New South Wales, Australia
,
Program Chairs:
Katherine Isbister
University of California Santa Cruz, USA
,
Takeo Igarashi
The University of Tokyo, Japan
,
Publications Chairs:
Pernille Bjørn
University of Copenhagen, Denmark
,
Steven Drucker
Microsoft Research, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 May 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

NSERC Discovery Grant

Conference

CHI '21

Sponsor:

SIGCHI

CHI '21: CHI Conference on Human Factors in Computing Systems

May 8 - 13, 2021

Yokohama, Japan

Acceptance Rates

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Upcoming Conference

CHI '25

Sponsor:
sigchi

CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
819
Total Downloads

Downloads (Last 12 months)119
Downloads (Last 6 weeks)14

Reflects downloads up to 06 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Lewis BKirupaharan PRanalli TVenkatasubramanian K(2024)A3C: An Image-Association-Based Computing Device Authentication Framework for People with Upper Extremity ImpairmentsACM Transactions on Accessible Computing10.1145/365252217:2(1-37)Online publication date: 28-May-2024
https://dl.acm.org/doi/10.1145/3652522
Harteveld CJavvaji NMohaddesi OKleinman EDaniels KJackson DTroiano G(2024)RePresent: Enabling Access to Justice for Pro Se Litigants via Co-Authored Serious GamesProceedings of the 2024 ACM Designing Interactive Systems Conference10.1145/3643834.3661632(3225-3242)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1145/3643834.3661632
Wang K(2024)A Random and Unselectable Graphic Password Scheme2024 IEEE 7th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC)10.1109/IAEAC59436.2024.10503722(41-46)Online publication date: 15-Mar-2024
https://doi.org/10.1109/IAEAC59436.2024.10503722
Amft SHöltervennhoff SHuaman NAcar YFahl SKelley PKapadia A(2023)"Would you give the same priority to the bank and a game? i do not!"Proceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632196(171-190)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632196
Constantinides ABelk MFidas CBeumers RVidal DHuang WBowles JWebber TSilvina APitsillides A(2023)Security and Usability of a Personalized User Authentication Paradigm: Insights from a Longitudinal Study with Three Healthcare OrganizationsACM Transactions on Computing for Healthcare10.1145/35646104:1(1-40)Online publication date: 27-Feb-2023
https://dl.acm.org/doi/10.1145/3564610
Ganesh ANdulue COrji R(2023)Tailoring a Persuasive Game to Promote Secure Smartphone BehaviourProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581038(1-18)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581038
Turkmen RNwagu CRawat PRiddle PSunday KMachuca M(2023)Put your glasses on: A voxel-based 3D authentication system in VR using eye-gaze2023 IEEE Conference on Virtual Reality and 3D User Interfaces Abstracts and Workshops (VRW)10.1109/VRW58643.2023.00316(947-948)Online publication date: Mar-2023
https://doi.org/10.1109/VRW58643.2023.00316
Chakraborty NYamout YZulkernine M(2023)The Tables Have Turned: GPT-3 Distinguishing Passwords from Honeywords2023 IEEE Conference on Communications and Network Security (CNS)10.1109/CNS59707.2023.10288643(1-5)Online publication date: 2-Oct-2023
https://doi.org/10.1109/CNS59707.2023.10288643
Xiao RQu LShi W(2023)Human Security Behavior Assistance in the Cyber-Physical SpaceScience of Cyber Security - SciSec 2022 Workshops10.1007/978-981-19-7769-5_3(28-43)Online publication date: 1-Jan-2023
https://doi.org/10.1007/978-981-19-7769-5_3
Kausar NDin IKhan MAlmogren AKim B(2022)GRA-PIN: A Graphical and PIN-Based Hybrid Authentication Approach for Smart DevicesSensors10.3390/s2204134922:4(1349)Online publication date: 10-Feb-2022
https://doi.org/10.3390/s22041349
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Media

Figures

Other

Tables

View Table of Contents