From hot-spots towards experience-spots: Leveraging on users’ sociocultural experiences to enhance security in cued-recall graphical authentication

Argyris Constantinides, Christos Fidas, Marios Belk, Anna Maria Pietron, Ting Han, Andreas Pitsillides

Research output: Contribution to journal › Article › peer-review

12 Citations (Scopus)

Abstract

This paper suggests a novel cued-recall-based graphical authentication method, which leverages on users’ sociocultural experiences for improving the security and memorability of selected secrets. We evaluated the suggested approach in the context of three user studies (n = 139): a) an eye-tracking study (n = 42) focusing on security in terms of resistance to brute-force attacks; b) a two-week study (n = 71) focusing on memorability and login usability; and c) a controlled in-lab user study (n = 26) focusing on human attack vulnerabilities among people sharing common sociocultural experiences. Analysis of results revealed that the suggested approach influenced visual behavior strategies of end-users, which subsequently resulted in significantly stronger passwords created on images reflecting their prior experiences than on images unfamiliar to them. Simultaneously, both reference and control groups performed similarly in terms of memorability and login efficiency and effectiveness. On the downside, the suggested approach introduces password guessing vulnerabilities in terms of allowing attackers who share common experiences with the end-users to more easily identify regions of their selected secrets. Findings point towards a new direction for delivering personalized cued-recall graphical authentication schemes that depict image semantics bootstrapped to users’ real-life experiences.

Original language: English
Article number: 102602
Journal: International Journal of Human Computer Studies
Volume: 149
Publication status: Published - May 2021
Externally published: Yes

Keywords

  • Graphical passwords
  • Memorability
  • Security
  • Sociocultural experiences
  • User authentication
  • User study

ASJC Scopus subject areas

  • Software
  • Human Factors and Ergonomics
  • Education
  • General Engineering
  • Human-Computer Interaction
  • Hardware and Architecture
