Graphical Passwords as Browser Extension: Implementation and Usability Study

Yuceel, Mustafa
Erdeniz, Burak
Gurbaslar, Hakan
Today, most Internet applications still establish user authentication with traditional text-based passwords. Designing a secure as well as a user-friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. Specifically, we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.


Analysis of Password Attacks From The Perspective Of The Attacker By Multiple Honeypots
Aydın, Kıvanç; Acartürk, Cengiz; Department of Cybersecurity (2021-8-19)
Authentication is vital for secure operation of ICT systems. Over the past several decades, alternative solutions have been developed for authentication, such as biometric authentication methods, aiming at replacing passwords. Nevertheless, their success has been limited as evidenced by intensive use of passwords. Today, an average user uses dozens of different passwords in daily practice. The frequent use of passwords in authentication also leads to a close interest of attackers due to the rapid expansion...
Towards Usable Solutions to Graphical Password Hotspot Problem
BIÇAKCI, KEMAL; ATALAY, NART BEDİN; Yuceel, Mustafa; Gurbaslar, Hakan; Erdeniz, Burak (2009-07-24)
Click based graphical passwords that use background images suffer from hot-spot problem. Previous graphical password schemes based on recognition of images do not have a sufficiently large password space suited for most Internet applications. In this paper, we propose two novel graphical password methods based on recognition of icons to solve the hotspot problem without decreasing the password space. The experiment we have conducted that compares the security and usability of proposed methods with earlier w...
The role of visual coherence in graphical passwords
Özge, Alaçam; Christopher, Habel; Acartürk, Cengiz (2013-08-31)
Graphical password is an alternative method of authentication to alphanumerical passwords. From the perspective of research on human memory, it is yet another novel technology that introduces challenges on human memory components. In this study, we aim to investigate the previous findings in human visual memory in the domain of graphical passwords by analyzing the role of visual coherence in passwords. The results of an experimental study reveal that in terms of memorability, co...
Identity/attribute-based authentication protocols based on pairings
Öztürk, Gülnihal; Doğanaksoy, Ali; Department of Cryptography (2020-10-22)
Authentication is one of the most important goals in cryptography. It provides sharing information with only authorized people and protecting data from being modified. Authentication can be achieved in various ways such as password-based, symmetric-key and public-key. The public-key authentication is the most preferred one among these options. It provides construction of key pairs and verification based on hard mathematical problems. Public-key authentication is used as a basis for two important ideas:...
One-time passwords: Security analysis using BAN logic and integrating with smartcard authentication
Bicakci, K; Baykal, Nazife (2003-01-01)
In this paper we make a formal analysis of one-time password protocols using BAN logic and provide some guidelines to integrate securely one-time passwords with smartcard based authentication. We also propose some extensions to the BAN logic to facilitate analyzing hash chain based authentication protocols.
