The MVP Web-Based Authentication Framework - (Short Paper)

MVP is a framework allowing websites to use diverse knowledge-based authentication schemes. One application is its use in conducting ecologically valid user studies of authentication under the same experimental conditions. We introduce MVP and its key characteristics, discuss several authentication schemes, and offer lessons learned from running 9 hybrid (lab/online) and 3 MTurk user studies over the last year.

[1]  Alain Forget,et al.  Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism , 2012, IEEE Transactions on Dependable and Secure Computing.

[2]  Robert Biddle,et al.  Do you see your password?: applying recognition to textual passwords , 2012, SOUPS.

[3]  Ma Sasse,et al.  Gathering realistic authentication performance data through field trials , 2010, SOUPS 2010.

[4]  Alain Forget,et al.  User interface design affects security: patterns in click-based graphical passwords , 2009, International Journal of Information Security.

[5]  Alain Forget,et al.  Influencing users towards better passwords: persuasive cued click-points , 2008, BCS HCI.

[6]  Robert Biddle,et al.  A second look at the usability of click-based graphical passwords , 2007, SOUPS '07.

[7]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[8]  Nasir D. Memon,et al.  Authentication using graphical passwords: effects of tolerance and image choice , 2005, SOUPS '05.

[9]  Robert Biddle,et al.  Facing the facts about image type in recognition-based graphical passwords , 2011, ACSAC '11.

[10]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[11]  Robert Biddle,et al.  Graphical passwords: Learning from the first twelve years , 2012, CSUR.

[12]  Robert Biddle,et al.  Centered Discretization with Application to Graphical Passwords , 2008, UPSEC.