Understanding Insider Attacks in Personalized Picture Password Schemes

Argyris Constantinides, Marios Belk, Christos Fidas, Andreas Pitsillides

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Citation (Scopus)


Picture passwords, which require users to complete a picture-based task to log in, are increasingly being embraced by researchers as they offer a better tradeoff between security and memorability. Recent works proposed the use of personalized familiar pictures, which are bootstrapped to the users’ prior sociocultural activities and experiences. However, such personalized approaches might entail guessing vulnerabilities by people close to the user (e.g., family members, acquaintances) with whom they share common experiences within the depicted familiar sceneries. To shed light on this aspect, we conducted a controlled in-lab eye-tracking user study (n = 18) focusing on human attack vulnerabilities among people sharing common sociocultural experiences. Results revealed that insider attackers, who share common experiences with the legitimate users, can easily identify regions of their selected secrets. The extra knowledge possessed by people close to the user was also reflected in their visual behavior during the human attack phase. Such findings can drive the design of assistive security mechanisms within personalized picture password schemes.

Original language: English
Title of host publication: Human-Computer Interaction – INTERACT 2021 - 18th IFIP TC 13 International Conference, Proceedings
Editors: Carmelo Ardito, Rosa Lanzilotti, Alessio Malizia, Helen Petrie, Antonio Piccinno, Giuseppe Desolda, Kori Inkpen
Publisher: Springer Science and Business Media Deutschland GmbH
Number of pages: 10
ISBN (Print): 9783030856090
Publication status: Published - 2021
Externally published: Yes
Event: 18th IFIP TC 13 International Conference on Human-Computer Interaction, INTERACT 2021 - Virtual, Online
Duration: 30 Aug 2021 → 3 Sept 2021

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12935 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 18th IFIP TC 13 International Conference on Human-Computer Interaction, INTERACT 2021
City: Virtual, Online


  • Eye-tracking
  • Picture passwords
  • Security
  • User study

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
