PassBYOP: Bring Your Own Picture for Securing Graphical Passwords
Cited 0 times inCited 0 times in
- PassBYOP: Bring Your Own Picture for Securing Graphical Passwords
- Bianchi, Andrea; Oakley, Ian; Kim, Hyoungshick
- Issue Date
- IEEE TRANSACTIONS ON HUMAN-MACHINE SYSTEMS, v.46, no.3, pp.380 - 389
- PassBYOP is a new graphical password scheme for public terminals that replaces the static digital images typically used in graphical password systems with personalized physical tokens, herein in the form of digital pictures displayed on a physical user-owned device such as a mobile phone. Users present these images to a system camera and then enter their password as a sequence of selections on live video of the token. Highly distinctive optical features are extracted from these selections and used as the password. We present three feasibility studies of PassBYOP examining its reliability, usability, and security against observation. The reliability study shows that image-feature based passwords are viable and suggests appropriate system thresholds—password items should contain a minimum of seven features, 40% of which must geometrically match originals stored on an authentication server in order to be judged equivalent. The usability study measures task completion times and error rates, revealing these to be 7.5 s and 9%, broadly comparable with prior graphical password systems that use static digital images. Finally, the security study highlights PassBYOP’s resistance to observation attack—three attackers are unable to compromise a password using shoulder surfing, camerabased observation, or malware. These results indicate that PassBYOP shows promise for security while maintaining the usability of current graphical password schemes.
- Appears in Collections:
- DHE_Journal Papers
- Files in This Item:
- There are no files associated with this item.
can give you direct access to the published full text of this article. (UNISTARs only)
Show full item record
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.