A Novel Cue based Picture Word Shape Character Password Creation Scheme

The number of internet users is growing at a rapid rate and this means users now have to remember passwords for many different accounts. The side effects of this increase of user accounts is that users are putting password usability before password security in order to remember these passwords. This paper outlines a novel password creation scheme for creating strong, secure unique passwords that are easier for users to remember on multiple sites. The scheme includes features to more easily create a secure password and recall this password, whilst including multiple layers of security against a targeted attack by an adversary. Results showed that users who did not use a scheme had a much lower login success rate for their accounts than the users who used the created scheme. They also showed that the average password length for each group of users was the same meaning the created scheme passwords in this sample has no greater protection against brute-force attacks, but in terms of dictionary and hybrid attacks the scheme passwords generally seemed to have a lot more protection.

[1]  Abraham Silberschatz,et al.  Operating System Concepts , 1983 .

[2]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[3]  Joseph Albahari,et al.  C# 5.0 in a Nutshell , 2012 .

[4]  Stephen Farrell Password Policy Purgatory , 2008, IEEE Internet Computing.

[5]  Wanli Ma,et al.  Password Entropy and Password Quality , 2010, 2010 Fourth International Conference on Network and System Security.

[6]  Karen A. Scarfone,et al.  Guide to Enterprise Password Management , 2009 .

[7]  Marjan Hericko,et al.  Password security — No change in 35 years? , 2014, 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO).

[8]  Tim Storer,et al.  Calm Before the Storm: The Challenges of Cloud Computing in Digital Forensics , 2014, Int. J. Digit. Crime Forensics.

[9]  Sean-Philip Oriyano Hacker Techniques, Tools, and Incident Handling , 2010 .

[10]  M. Cruz-cunha,et al.  Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance , 2014 .

[11]  Moshe Zviran,et al.  A Comparison of Password Techniques for Multilevel Authentication Mechanisms , 1990, Comput. J..

[12]  Peter B. Galvin,et al.  Operating System Concepts, 4th Ed. , 1993 .

[13]  Lujo Bauer,et al.  Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms , 2012, 2012 IEEE Symposium on Security and Privacy.

[14]  Gaobo Yang,et al.  Anti-Forensics for Unsharp Masking Sharpening in Digital Images , 2013, Int. J. Digit. Crime Forensics.

[15]  Kun Sun,et al.  A Security Analysis of Two Commercial Browser and Cloud Based Password Managers , 2013, 2013 International Conference on Social Computing.

[16]  Chang-Tsun Li Emerging Digital Forensics Applications for Crime Detection, Prevention, and Security , 2013 .

[17]  Anthony Northrup MCAD/MCSD Self-Paced Training Kit: Implementing Security for Applications with Microsoft Visual Basic .NET and Microsoft Visual C# .NET , 2004 .

[18]  C. Warren Axelrod Responsibilities and Liabilities with Respect to Catastrophes , 2009 .

[19]  Christian W. Dawson,et al.  Projects in Computing and Information Systems: A Student's Guide , 2009 .