Graphical Passwords as Browser Extension: Implementation and Usability Study

Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user-friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. specifically; we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.

[1]  Kemal Bicakci Optimal discretization for high-entropy graphical passwords , 2008, 2008 23rd International Symposium on Computer and Information Sciences.

[2]  Robert Biddle,et al.  Graphical Password Authentication Using Cued Click Points , 2007, ESORICS.

[3]  Brent Waters,et al.  A convenient method for securely managing passwords , 2005, WWW '05.

[4]  Robert Biddle,et al.  A Usability Study and Critique of Two Password Managers , 2006, USENIX Security Symposium.

[5]  Dan Boneh,et al.  Stronger Password Authentication Using Browser Extensions , 2005, USENIX Security Symposium.

[6]  Julie Thorpe,et al.  Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords , 2007, USENIX Security Symposium.

[7]  R. Likert “Technique for the Measurement of Attitudes, A” , 2022, The SAGE Encyclopedia of Research Design.

[8]  Nasir D. Memon,et al.  PassPoints: Design and longitudinal evaluation of a graphical password system , 2005, Int. J. Hum. Comput. Stud..

[9]  Nasir D. Memon,et al.  Graphical passwords based on robust discretization , 2006, IEEE Transactions on Information Forensics and Security.

[10]  Alain Forget,et al.  Influencing users towards better passwords: persuasive cued click-points , 2008, BCS HCI.