TU Darmstadt / ULB / TUbiblio

Authentication Schemes - Comparison and Effective Password Spaces

Mayer, Peter and Volkamer, Melanie and Kauer, Michaela
Prakash, Atul and Shyamasundar, Rudrapatna (eds.) (2014):
Authentication Schemes - Comparison and Effective Password Spaces.
In: Information Systems Security : International Conference on Information Systems Security (ICISS), Berlin, Cham, Springer International Publishing, In: International Conference on Information Systems Security (ICISS), Hyderabad, India, 16-20.12.2014, In: Lecture notes in computer science, 8880, ISBN 978-3-319-13840-4,
DOI: 10.1007/978-3-319-13841-1_12,
[Conference or Workshop Item]

Abstract

Text passwords are ubiquitous in authentication. Despite this ubiquity, they have been the target of much criticism. One alternative to the pure recall text passwords are graphical authentication schemes. The different proposed schemes harness the vast visual memory of the human brain and exploit cued-recall as well as recognition in addition to pure recall. While graphical authentication in general is promising, basic research is required to better understand which schemes are most appropriate for which scenario (incl. security model and frequency of usage). This paper presents a comparative study in which all schemes are configured to the same effective password space (as used by large Internet companies). The experiment includes both, cued-recall-based and recognition-based schemes. The results demonstrate that recognition-based schemes have the upper hand in terms of effectiveness and cued-recall-based schemes in terms of efficiency. Thus, depending on the scenario one or the other approach is more appropriate. Both types of schemes have lower reset rates than text passwords which might be of interest in scenarios with limited support capacities.

Item Type: Conference or Workshop Item
Erschienen: 2014
Editors: Prakash, Atul and Shyamasundar, Rudrapatna
Creators: Mayer, Peter and Volkamer, Melanie and Kauer, Michaela
Title: Authentication Schemes - Comparison and Effective Password Spaces
Language: English
Abstract:

Text passwords are ubiquitous in authentication. Despite this ubiquity, they have been the target of much criticism. One alternative to the pure recall text passwords are graphical authentication schemes. The different proposed schemes harness the vast visual memory of the human brain and exploit cued-recall as well as recognition in addition to pure recall. While graphical authentication in general is promising, basic research is required to better understand which schemes are most appropriate for which scenario (incl. security model and frequency of usage). This paper presents a comparative study in which all schemes are configured to the same effective password space (as used by large Internet companies). The experiment includes both, cued-recall-based and recognition-based schemes. The results demonstrate that recognition-based schemes have the upper hand in terms of effectiveness and cued-recall-based schemes in terms of efficiency. Thus, depending on the scenario one or the other approach is more appropriate. Both types of schemes have lower reset rates than text passwords which might be of interest in scenarios with limited support capacities.

Title of Book: Information Systems Security : International Conference on Information Systems Security (ICISS)
Series Name: Lecture notes in computer science
Volume: 8880
Place of Publication: Berlin, Cham
Publisher: Springer International Publishing
ISBN: 978-3-319-13840-4
Collation: 478 Seiten
Uncontrolled Keywords: Security, Usability and Society;Secure Data;Usable Security; Authentication; Graphical Passwords
Divisions: 16 Department of Mechanical Engineering
16 Department of Mechanical Engineering > Ergonomics (IAD)
20 Department of Computer Science
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
20 Department of Computer Science > SECUSO - Security, Usability and Society
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Event Title: International Conference on Information Systems Security (ICISS)
Event Location: Hyderabad, India
Event Dates: 16-20.12.2014
Date Deposited: 25 Nov 2014 08:23
DOI: 10.1007/978-3-319-13841-1_12
Identification Number: TUD-CS-2014-0943
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item