Change search
ReferencesLink to record
Permanent link

Direct link
Authentication Schemes - Comparison and Effective Password Spaces
Tech Univ Darmstadt, Ctr Adv Secur Res Darmstadt, Darmstadt, Germany.
Tech Univ Darmstadt, Ctr Adv Secur Res Darmstadt, Darmstadt, Germany.
Tech Univ Darmstadt, Inst Ergon, Darmstadt, Germany.
2014 (English)In: INFORMATION SYSTEMS SECURITY (ICISS 2014), Springer Berlin/Heidelberg, 2014, 204-225 p.Conference paper (Refereed)Text
Abstract [en]

Text passwords are ubiquitous in authentication. Despite this ubiquity, they have been the target of much criticism. One alternative to the pure recall text passwords are graphical authentication schemes. The different proposed schemes harness the vast visual memory of the human brain and exploit cued-recall as well as recognition in addition to pure recall. While graphical authentication in general is promising, basic research is required to better understand which schemes are most appropriate for which scenario (incl. security model and frequency of usage). This paper presents a comparative study in which all schemes are configured to the same effective password space (as used by large Internet companies). The experiment includes both, cued-recall-based and recognition-based schemes. The results demonstrate that recognition-based schemes have the upper hand in terms of effectiveness and cued-recall-based schemes in terms of efficiency. Thus, depending on the scenario one or the other approach is more appropriate. Both types of schemes have lower reset rates than text passwords which might be of interest in scenarios with limited support capacities.

Place, publisher, year, edition, pages
Springer Berlin/Heidelberg, 2014. 204-225 p.
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 8880
Keyword [en]
Usable Security, Authentication, Graphical Passwords
National Category
Computer Science
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-44902ISI: 000354696600012ISBN: 978-3-319-13841-1ISBN: 978-3-319-13840-4OAI: oai:DiVA.org:kau-44902DiVA: diva2:952894
Conference
10th International Conference on Information System Security (ICISS), DEC 16-20, 2014, Inst Dev & Res Banking Technol, Hyderabad, INDIA
Available from: 2016-08-16 Created: 2016-08-15 Last updated: 2016-08-16Bibliographically approved

Open Access in DiVA

No full text

Search in DiVA

By author/editor
Volkamer, Melanie
Computer Science

Search outside of DiVA

GoogleGoogle Scholar

ReferencesLink to record
Permanent link

Direct link