A Usability Evaluation of Image and Emojis in Graphical Password

 
 
 
  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract


    This paper presented user preferences in applying image and emojis use in graphical password authentication application.  There is generally lack of two-factor authentication (2FA) approach in mobile devices.  A preliminary study and a user study (N=30) have been conducted to investigate on usability and security issues.  Both of the studies revealed the method of applying picture superiority effect to enhance memorability of graphical password. 

     

     


  • Keywords


    smartphones; authentication; graphical password; usability;

  • References


      [1] B. Horne, “Humans in the loop,” IEEE Secur. Priv., vol. 12, no. 1, pp. 3–4, 2014.

      [2] M. M. Eloff and J. H. P. Eloff, “Human Computer Interaction: An Information Security Perspectives,” in Security in the Information Society: Visions and Perspectives, M. A. Ghonaimy, M. T. El-Hadidi, and H. K. Aslan, Eds. Boston, MA: Springer US, 2002, pp. 535–545.

      [3] S. Srivastava and P. S. Sudhish, “Continuous multi-biometric user authentication fusion of face recognition and keystoke dynamics,” in 2016 IEEE Region 10 Humanitarian Technology Conference (R10-HTC), 2016, pp. 1–7.

      [4] A. Ometov, S. Bezzateev, N. Mäkitalo, S. Andreev, T. Mikkonen, and Y. Koucheryavy, “Multi-Factor Authentication: A Survey,” Cryptography, vol. 2, no. 1, p. 1, 2018.

      [5] A. Kemshall, “Why mobile two-factor authentication makes sense,” Netw. Secur., vol. 2011, no. 4, pp. 9–12, 2011.

      [6] A. Adams and M. A. Sasse, “Users are not the enemy,” Commun. ACM, vol. 42, no. 12, pp. 40–46, Dec. 1999.

      [7] R. Harrison, D. Flood, and D. Duce, “Usability of mobile applications : literature review and rationale for a new usability model,” Int. J. Mob. Hum. Comput. Interact., vol. 6, no. 1, pp. 54–70, 2014.

      [8] K. Renaud and A. De Angeli, “My password is here! An investigation into visuo-spatial authentication mechanisms,” Interact. Comput., vol. 16, no. 6, pp. 1017–1041, 2004.

      [9] P. Andriotis, T. Tryfonas, G. Oikonomou, and C. Yildiz, “A pilot study on the security of pattern screen-lock methods and soft side channel attacks,” ACM WiSec, p. 1, 2013.

      [10] M. O. Derawi, “Biometric options for mobile phone authentication,” Biometric Technol. Today, vol. 2011, no. 10, pp. 5–7, 2011.

      [11] M. Klíma, A. J. Sporka, and J. Franc, “You are who you know : user authentication by face recognition,” Proc. 7th ICDVRAT with ArtAbilitation, Maia, Port., pp. 97–102, 2008.

      [12] S. Kumar Jena, “Graphical User Authentication,” no. May, 2013.

      [13] T. O. Nelson, G. Greene, B. Ronk, G. Hatchett, and V. Igl, “Effect of multiple images on associative learning,” Mem. Cognit., vol. 6, no. 4, pp. 337–341, 1978.

      [14] R. Biddle, S. Chiasson, and P. C. Van Oorschot, “Graphical Passwords : Learning from the First Twelve Years,” Security, vol. V, pp. 1–43, 2009.

      [15] L. M. Mayron, “Biometric Authentication on Mobile Devices,” 2015 IEEE Secur. Priv., vol. 13, no. 3, pp. 70–73, 2015.

      [16] M. Souppaya and K. Scarfone, “Guidelines for Managing the Security of Mobile Devices in the Enterprise,” NIST Spec. Publ. 800-124, Revis. 1, pp. 1–30, 2013.

      [17] A. F. Abate, M. Nappi, and S. Ricciardi, “Smartphone enabled person authentication based on ear biometrics and arm gesture,” in 2016 IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2016, pp. 003719–003724.

      [18] N. Gunson, D. Marshall, H. Morton, and M. Jack, “User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking,” Comput. Secur., vol. 30, no. 4, pp. 208–220, 2011.

      [19] E. De Cristofaro, H. Du, J. Freudiger, and G. Norcie, “A Comparative Usability Study of Two-Factor Authentication,” in Proceedings 2014 Workshop on Usable Security, 2014.

      [20] C. L. Liu, C. J. Tsai, T. Y. Chang, W. J. Tsai, and P. K. Zhong, “Implementing multiple biometric features for a recall-based graphical keystroke dynamics authentication system on a smart phone,” J. Netw. Comput. Appl., vol. 53, pp. 128–139, 2015.

      [21] M. Rogowski, K. Saeed, M. Rybnik, M. Tabedzki, and M. Adamski, “User Authentication for Mobile Devices,” in Computer Information Systems and Industrial Management: 12th IFIP TC8 International Conference, CISIM 2013, Krakow, Poland, September 25-27, 2013. Proceedings, K. Saeed, R. Chaki, A. Cortesi, and S. Wierzchoń, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013, pp. 47–58.

      [22] S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, “Authentication using graphical passwords,” Proc. 2005 Symp. Usable Priv. Secur. - SOUPS ’05, pp. 1–12, 2005.

      [23] C. L. Grady, A. R. McIntosh, M. N. Rajah, and F. I. M. Craik, “Neural correlates of the episodic encoding of pictures and words,” Proc. Natl. Acad. Sci., vol. 95, no. 5, pp. 2703–2708, Mar. 1998.

      [24] A. Paivio, Mind and Its Evolution, no. 2007. Routledge, 2006.

      [25] P. Andriotis, T. Tryfonas, and G. Oikonomou, “Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 8533 LNCS, pp. 115–126, 2014.

      [26] N. L. Clarke and S. M. Furnell, “Authentication of users on mobile telephones - A survey of attitudes and practices,” Comput. Secur., vol. 24, no. 7, pp. 519–527, 2005.

      [27] Y. Li, J. Yang, M. Xie, D. Carlson, H. G. Jang, and J. Bian, “Comparison of PIN- and pattern-based behavioral biometric authentication on mobile devices,” Proc. - IEEE Mil. Commun. Conf. MILCOM, vol. 2015–Decem, pp. 1317–1322, 2015.

      [28] R. Biddle, S. Chiasson, and P. C. Van Oorschot, “Graphical Passwords : Learning from the First Twelve Years,” ACM Comput. Surv., vol. 44, no. 4, pp. 1–43, 2012.

      [29] A. De Angeli, L. Coventry, G. Johnson, and K. Renaud, “Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems,” Int. J. Hum. Comput. Stud., vol. 63, no. 1–2, pp. 128–152, 2005.

      [30] Y. Ma, “Can More Pictures Bring More Readership?: An Examination of the ‘Picture Superiority Effect’ in the News Consumption Process,” Procedia - Soc. Behav. Sci., vol. 236, no. December 2015, pp. 34–38, Dec. 2016.

      [31] P. Dunphy, “Usable, Secure and Deployable Graphical Passwords,” no. November, p. 189, 2012.

      [32] N. BEVAN, “International standards for HCI and usability,” Int. J. Hum. Comput. Stud., vol. 55, no. 4, pp. 533–552, 2001.

      [33] R. Kainda, I. Flechais, and A. W. Roscoe, “Security and usability: Analysis and evaluation,” ARES 2010 - 5th Int. Conf. Availability, Reliab. Secur., pp. 275–282, 2010.

      [34] C. Braz and J.-M. Robert, “Security and usability,” Proc. 18th Int. Conf. Assoc. Francoph. d’Interaction Homme-Machine - IHM ’06, no. January, pp. 199–203, 2006.

      [35] F. Schaub, M. Walch, B. Könings, and M. Weber, “Exploring the design space of graphical passwords on smartphones,” Proc. Ninth Symp. Usable Priv. Secur. - SOUPS ’13, p. 1, 2013.

      [36] H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability of graphical passwords,” Int. J. Netw. Secur., vol. 7, no. 2, pp. 273–292, 2008.

      [37] D. Ritter, F. Schaub, M. Walch, and M. Weber, “MIBA: Multitouch Image-Based Authentication on Smartphones,” CHI ’13 Ext. Abstr. Hum. Factors Comput. Syst., pp. 787–792, 2013.

      [38] M. Golla, D. Detering, and M. Dürmuth, “EmojiAuth: Quantifying the Security of Emoji-based Authentication,” Proc. Usable Secur. Mini Conf., pp. 1–13, 2017.

      [39] T. Seitz, F. Mathis, and H. Hussmann, “The Bird is the Word: A Usability Evaluation of Emojis inside Text Passwords,” Proc. 29th Aust. Conf. Human-Computer Interact. (OzCHI 2017), p. 9, 2017.

      [40] M. Belk, A. Pamboris, C. Fidas, C. Katsini, N. Avouris, and G. Samaras, “Sweet-spotting security and usability for intelligent graphical authentication mechanisms,” Proc. Int. Conf. Web Intell. - WI ’17, pp. 252–259, 2017.

      [41] L. Fullerton, "Global mobile device usage is expected to reach more than 5.5bn users by 2022," 20 July 2017. [Online]. Available: http://www.thedrum.com/news/2017/07/20/global-mobile-device-usage-expected-reach-more-55bn-users-2022. [Accessed 14 March 2018].

      [42] "Number of smartphone users in Malaysia from 2015 to 2022 (in millions)*," [Online]. [Accessed 14 March 2018].

      [43] "What is 2FA?," A Shearwater Group plc Company , [Online]. Available: https://www.securenvoy.com/two-factor-authentication/what-is-2fa.shtm. [Accessed 14 March 2018].

      [44] "Stronger security for your Google Account," [Online]. Available: https://www.google.com/landing/2step/index.html#tab=how-it-protects. [Accessed 14 March 2018].

      [45] "Multifactor Authentication Market by Model (Two-, Three-, Four-, and Five-Factor), Application (Banking and Finance, Government, Military and Defense, Commercial Security, Consumer Electronics, Healthcare), and Geography - Global Forecast to 2022," May 2017. [Online]. Available: https://www.marketsandmarkets.com/Market-Reports/multi-factor-authentication-market-877.html. [Accessed 14 March 2018].

      [46] EmojiArtStudio, "Emoji Lock Screen," Google, 27 February 2018. [Online]. Available: https://play.google.com/store/apps/details?id=com.emoji.smiley.locker&hl=en. [Accessed 21 March 2018].


 

View

Download

Article ID: 23719
 
DOI: 10.14419/ijet.v7i4.31.23719




Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.