Action-based user authentication

Network security partially depends on reliable user authentication; unfortunately currently used passwords are not completely secure. One of the main problems with passwords is that very good passwords are hard remember and the ones which are easy to remember are too short or simple be secure. We have designed a number of authentication schemas, which are easy to remember and can be relatively quickly provided to the system, while the same time remaining impossible to break with brute force alone. In this article, we have compared the size of password spaces and how easy they are remember for many popular alphanumeric and graphical authentication schemas against the approaches developed by us, namely PassText, PassArt and PassMap.

[1]  Adrian Perrig,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Déjà Vu: A User Study Using Images for Authentication , 2000 .

[2]  Julie Thorpe,et al.  Analyzing User Choice in Graphical Passwords , 2004 .

[3]  Antonella De Angeli,et al.  USABILITY AND USER AUTHENTICATION: PICTORIAL PASSWORDS VS. PIN , 2004 .

[4]  David Mazières,et al.  A future-adaptive password scheme , 1999 .

[5]  David C. Feldmeier,et al.  UNIX Password Security - Ten Years Later , 1989, CRYPTO.

[6]  Aviel D. Rubin Independent One-Time Passwords , 1996, Comput. Syst..

[7]  Merrill Warkentin,et al.  A Longitudinal Comparison of Four Password Procedures , 2003 .

[8]  Roman V. Yampolskiy,et al.  Motor-Skill Based Biometrics , 2007 .

[9]  Roman V. Yampolskiy Human Computer Interaction Based Intrusion Detection , 2007, Fourth International Conference on Information Technology (ITNG'07).

[10]  Ken Thompson,et al.  Password security: a case history , 1979, CACM.

[11]  Karen Renaud,et al.  Quantifying the quality of web authentication mechanisms: a usability perspective , 2004 .

[12]  Venu Govindaraju,et al.  Use of behavioral biometrics in intrusion detection and online gaming , 2006, SPIE Defense + Commercial Sensing.

[13]  Larry Rudolph,et al.  Passdoodles; a Lightweight Authentication Method , 2004 .

[14]  Matthew Warren,et al.  A Conceptual Model for Graphical Authentication , 2003 .

[15]  Julie Thorpe,et al.  Pass-thoughts: authenticating with our minds , 2005, NSPW '05.

[16]  Bogdan Hoanca,et al.  incidence of , 2021 .

[17]  Julie Thorpe,et al.  Graphical Dictionaries and the Memorable Space of Graphical Passwords , 2004, USENIX Security Symposium.

[18]  Karen Renaud,et al.  Using a combination of sound and images to authenticate web users , 2003 .

[19]  Shujun Li,et al.  Secure Human-Computer Identification against Peeping Attacks (SecHCI): A Survey , 2003 .

[20]  Roman V. Yampolskiy Secure Network Authentication with PassText , 2007, Fourth International Conference on Information Technology (ITNG'07).

[21]  Richard P. Ayers,et al.  Picture Password: A Visual Login Technique for Mobile Devices , 2003 .

[22]  Karen Renaud Quantifying the quality of web authentication mechanisms , 2004 .

[23]  Alexander Brostoff Improving password system effectiveness , 2005 .

[24]  Michael K. Reiter,et al.  Password hardening based on keystroke dynamics , 2002, International Journal of Information Security.

[25]  Daniel Klein,et al.  Foiling the cracker: A survey of, and improvements to, password security , 1992 .

[26]  R.V. Yampolskiy Indirect Human Computer Interaction-Based Biometrics for Intrusion Detection Systems , 2007, 2007 41st Annual IEEE International Carnahan Conference on Security Technology.

[27]  M. Bishop Proactive Password Checking , 1992 .

[28]  R.V. Yampolskiy Analyzing User Password Selection Behavior for Reduction of Password Space , 2006, Proceedings 40th Annual 2006 International Carnahan Conference on Security Technology.

[29]  Michael K. Reiter,et al.  On User Choice in Graphical Password Schemes , 2004, USENIX Security Symposium.

[30]  Julie Thorpe,et al.  Towards secure design choices for implementing graphical passwords , 2004, 20th Annual Computer Security Applications Conference.

[31]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[32]  Eugene H. Spafford,et al.  Observing Reusable Password Choices , 1992 .

[33]  Nasir D. Memon,et al.  Authentication using graphical passwords: effects of tolerance and image choice , 2005, SOUPS '05.

[34]  Craig Metz,et al.  One-Time Passwords in Everything (OPIE): Experiences with Building and Using Strong Authentication , 1995, USENIX Security Symposium.

[35]  Venu Govindaraju,et al.  Dissimilarity functions for behavior-based biometrics , 2007, SPIE Defense + Commercial Sensing.

[36]  R.V. Yampolskiy User Authentication via Behavior Based Passwords , 2007, 2007 IEEE Long Island Systems, Applications and Technology Conference.

[37]  Susan Wiedenbeck,et al.  Authentication Using Graphical Passwords: Basic Results , 2005 .

[38]  E Smith,et al.  Jiminy: helping users to remember their passwords , 2001 .

[39]  David Mazières,et al.  The Advanced Computing Systems Association a Future-adaptable Password Scheme a Future-adaptable Password Scheme , 2022 .

[40]  Nasir D. Memon,et al.  Robust discretization, with an application to graphical passwords , 2003, IACR Cryptol. ePrint Arch..

[41]  Michael K. Reiter,et al.  The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[42]  Daphna Weinshall,et al.  Passwords you'll never forget, but can't recall , 2004, CHI EA '04.