CCBS – a method to maintain memorability, accuracy of password submission and the effective password space in click-based visual passwords
dc.contributor.author | al-Khateeb, Haider | en |
dc.contributor.author | Maple, Carsten | en |
dc.date.accessioned | 2016-02-18T09:11:00Z | en |
dc.date.available | 2016-02-18T09:11:00Z | en |
dc.date.issued | 2011-07 | en |
dc.identifier.citation | al-Khateeb, H. M., Maple, C. (2011) ‘CCBS – A Method to Maintain Memorability, Accuracy of Password Submission and The Effective Password Space in Click-Based Visual Passwords’, IADIS International Workshop on the Transgressive Uses of Collaborative Systems 2011 (TUCS 2011), MCCSIS, 20-26 July, Rome, Italy | en |
dc.identifier.isbn | 978-972-8939-40-3 © 2011 IADIS | en |
dc.identifier.doi | 10.13140/RG.2.1.2561.6485 | en |
dc.identifier.uri | http://hdl.handle.net/10547/596571 | en |
dc.description.abstract | Text passwords are vulnerable to many security attacks due to a number of reasons such as the insecure practices of end users who select weak passwords to maintain their long term memory. As such, visual password (VP) solutions were developed to maintain the security and usability of user authentication in collaborative systems. This paper focuses on the challenges facing click-based visual password systems and proposes a novel method in response to them. For instance, Hotspots reveal a serious vulnerability. They occur because users are attracted to specific parts of an image and neglect other areas. Undertaking image analysis to identify these high probability areas can assist dictionary attacks. Another concern is that click-based systems do not guide users towards the correct click-point they are aiming to select. For instance, users might recall the correct spot or area but still fail to include their click within the tolerance distance around the original click-point which results in more incorrect password submissions. Nevertheless, the Passpoints study by Wiedenbeck et al., 2005 inspected the retention of their VP in comparison with text passwords over the long term. Despite being cued-recall the successful rate of their VP submission was not superior to text passwords as it decreased from 85% (the instant retention on the day of registration) to 55% after 2 weeks. This result was identical to that of the text password in the same experiment. The successful submission rates after 6 weeks were also 55% for both VP and text passwords. This paper addresses these issues, and then presents a novel method (CCBS) as a usable solution supported by an empirical proof. A user study is conducted and the results are evaluated against a comparative study. | |
dc.language.iso | en | en |
dc.publisher | IADIS | en |
dc.subject | authentication | en |
dc.subject | visual password | en |
dc.subject | click-based systems | en |
dc.subject | graphical password | en |
dc.subject | password space | en |
dc.title | CCBS – a method to maintain memorability, accuracy of password submission and the effective password space in click-based visual passwords | en |
dc.type | Conference papers, meetings and proceedings | en |
dc.contributor.department | University of Bedfordshire | en |
html.description.abstract | Text passwords are vulnerable to many security attacks due to a number of reasons such as the insecure practices of end users who select weak passwords to maintain their long term memory. As such, visual password (VP) solutions were developed to maintain the security and usability of user authentication in collaborative systems. This paper focuses on the challenges facing click-based visual password systems and proposes a novel method in response to them. For instance, Hotspots reveal a serious vulnerability. They occur because users are attracted to specific parts of an image and neglect other areas. Undertaking image analysis to identify these high probability areas can assist dictionary attacks. Another concern is that click-based systems do not guide users towards the correct click-point they are aiming to select. For instance, users might recall the correct spot or area but still fail to include their click within the tolerance distance around the original click-point which results in more incorrect password submissions. Nevertheless, the Passpoints study by Wiedenbeck et al., 2005 inspected the retention of their VP in comparison with text passwords over the long term. Despite being cued-recall the successful rate of their VP submission was not superior to text passwords as it decreased from 85% (the instant retention on the day of registration) to 55% after 2 weeks. This result was identical to that of the text password in the same experiment. The successful submission rates after 6 weeks were also 55% for both VP and text passwords. This paper addresses these issues, and then presents a novel method (CCBS) as a usable solution supported by an empirical proof. A user study is conducted and the results are evaluated against a comparative study. |