14-02-2013, 04:51 PM
Persuasive Cued Click-Points: Design, Implementation, and Evaluation of a Knowledge-Based Authentication Mechanism
Abstract
This paper presents an integrated evaluation of the Persuasive Cued Click-Points graphical password scheme, including usability and security evaluations, and implementation considerations. An important usability goal for knowledge-based authentication systems is to support users in selecting passwords of higher security, in the sense of being from an expanded effective security space. We use persuasion to influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more difficult to guess, click-points.
INTRODUCTION
The problems of knowledge-based authentication, typically text-based passwords, are well known. Users often create memorable passwords that are easy for attackers to guess, but strong system-assigned passwords are difficult for users to remember [6].
A password authentication system should encourage strong passwords while maintaining memorability. We propose that authentication schemes allow user choice while influencing users toward stronger passwords. In our system, the task of selecting weak passwords (which are easy for attackers to predict) is more tedious, discouraging users from making such choices. In effect, this approach makes choosing a more secure password the path of least resistance. Rather than increasing the burden on users, it is easier to follow the system’s suggestions for a secure password—a feature lacking in most schemes.
BACKGROUND
Text passwords are the most popular user authentication method, but have security and usability problems. Alternatives such as biometric systems and tokens have their own drawbacks [8], [9], [10]. Graphical passwords offer another alternative, and are the focus of this paper.
Click-Based Graphical Passwords
Graphical password systems are a type of knowledge-based authentication that attempts to leverage the human memory for visual information [11]. A comprehensive review of graphical passwords is available elsewhere [12]. Of interest herein are cued-recall click-based graphical passwords (also known as locimetric [13]). In such systems, users identify and target previously selected locations within one or more images. The images act as memory cues [14] to aid recall. Example systems include PassPoints [15] and Cued Click-Points (CCP) [7].
Persuasive Technology
Persuasive Technology was first articulated by Fogg [22] as using technology to motivate and influence people to behave in a desired manner. An authentication system which applies Persuasive Technology should guide and encourage users to select stronger passwords, but not impose system-generated passwords. To be effective, the users must not ignore the persuasive elements and the resulting passwords must be memorable. As detailed below, PCCP accomplishes this by making the task of selecting a weak password more tedious and time consuming. The path of least resistance for users is to select a stronger password (not comprised entirely of known hotspots or following a predictable pattern). The formation of hotspots across users is minimized since click-points are more randomly distributed. PCCP’s design follows Fogg’s Principle of Reduction by making the desired task of choosing a strong password easiest and the Principle of Suggestion by embedding suggestions for a strong password directly within the process of choosing a password.
PERSUASIVE CUED CLICK POINTS
Previous work (see above) showed that hotspots and patterns reduce the security of click-based graphical passwords, as attackers can use skewed password distributions to predict and prioritize higher probability passwords for more successful guessing attacks.
Visual attention research [23] shows that different people are attracted to the same predictable areas on an image. This suggests that if users select their own click-based graphical passwords without guidance, hotspots will remain an issue.
Davis et al. [24] suggest that user choice in all types of graphical passwords is inadvisable due to predictability.
We investigated whether the system could influence users to select more random click-points while maintaining usability [2], [3], [4], [5]. The goal was to encourage more secure behavior by making less secure choices (i.e., choosing poor or weak passwords) more time consuming and awkward. In effect, behaving securely became the safe path of least resistance [2].
Two-Week Recall Studies
The main intention of the two-week recall studies was to test long-term password memorability, look at the effects of multiple password interference, and collect information about the types of passwords created when users knew that they would need to recall them later. Each study was designed to strain memory by setting a difficult recall task so that differences between the schemes would be amplified.
Participants took part in two individual sessions, scheduled approximately two weeks apart. The sessions were 1 hour and 30 minutes long, respectively. In their first session, participants initially practiced creating and reentering passwords for two fictitious accounts. The practice data were discarded and participants did not need to recall these passwords later. Next, participants created and reentered passwords for six fictitious accounts (library, e-mail, bank, online dating, instant messenger, and work). The accounts were identified by colored banners at the top of the application window that included a unique icon and the account name. In the first session, the accounts were presented to all participants in the same order. In their second session, participants tried to reenter these same six passwords in shuffled order.
Summary of Usability Results
We first summarize the studies with comparable theoretical password spaces (i.e., including PCCP 2wk S5). Overall, PCCP has similar success rates to the other authentication schemes evaluated (CCP, PassPoints, and text). PCCP password entry takes a similar time to the other schemes in the initial lab sessions, but the results indicate longer recall times for PCCP when recalling passwords beyond the initial session. Users who shuffled more had significantly higher success rates in the PCCP Lab study, but the difference in success rates between high and low shufflers was not statistically significant for the two-week or web studies. Furthermore, users reported favorable opinions of PCCP in post-task questionnaires [2].
CONCLUDING REMARKS
A common security goal in password-based authentication systems is to maximize the effective password space. This impacts usability when user choice is involved. We have shown that it is possible to allow user choice while still increasing the effective password space. Furthermore, tools such as PCCP’s viewport (used during password creation) cannot be exploited during an attack. Users could be further deterred (at some cost in usability) from selecting obvious click-points by limiting the number of shuffles allowed during password creation or by progressively slowing system response in repositioning the viewport with every shuffle past a certain threshold. The approaches discussed in this paper present a middle ground between insecure but memorable user-chosen passwords and secure system-generated random passwords that are difficult to remember.
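As an added illustration, not code from the paper or its implementation, the following constructed Python simulation shows the effect described in the Persuasive Technology section (a randomly positioned viewport flattens the click-point distribution across users) together with the shuffle limit suggested in these concluding remarks: it measures how much of a user population's click-points fall into the three most popular cells under free choice and under PCCP for several shuffle caps. The image size, cell size, viewport size, hotspot cells and the 70% hotspot bias are all assumptions made for the demo.

```python
import random
from collections import Counter

# Constructed toy model of click-point choice on one image (not the paper's code).
# A WIDTH x HEIGHT image is split into CELL-px grid cells; HOTSPOTS are cells that
# unguided users favour. Every numeric value here is an assumption for the demo.
WIDTH, HEIGHT, CELL = 400, 300, 20
HOTSPOTS = [(3, 4), (12, 7), (15, 10)]   # constructed hotspot cells as (col, row)
VIEWPORT = 75                            # side of the square viewport, in pixels
HOTSPOT_BIAS = 0.7                       # share of unguided users picking a hotspot

def unguided_click(rng):
    # Free choice: most users land somewhere inside a known hotspot cell.
    if rng.random() < HOTSPOT_BIAS:
        cx, cy = rng.choice(HOTSPOTS)
        return (cx * CELL + rng.randrange(CELL), cy * CELL + rng.randrange(CELL))
    return (rng.randrange(WIDTH), rng.randrange(HEIGHT))

def pccp_click(rng, max_shuffles):
    # Worst-case PCCP user who wants a hotspot: the system positions the viewport
    # at random; the user clicks a hotspot if one is visible, otherwise shuffles
    # (repositions the viewport) until the cap is hit, then clicks a random point
    # inside the current viewport.
    for _ in range(max_shuffles + 1):
        vx = rng.randrange(WIDTH - VIEWPORT)
        vy = rng.randrange(HEIGHT - VIEWPORT)
        for cx, cy in HOTSPOTS:
            px, py = cx * CELL + CELL // 2, cy * CELL + CELL // 2
            if vx <= px < vx + VIEWPORT and vy <= py < vy + VIEWPORT:
                return (px, py)
    return (vx + rng.randrange(VIEWPORT), vy + rng.randrange(VIEWPORT))

def hotspot_share(points, k=3):
    # Fraction of click-points in the k most-used cells: the coverage a guesser's
    # k most probable guesses would get. Lower means a flatter distribution.
    counts = Counter((x // CELL, y // CELL) for x, y in points)
    return sum(n for _, n in counts.most_common(k)) / len(points)

def simulate(n_users=5000, max_shuffles=3, seed=1):
    # Returns (unguided_share, pccp_share) for a population of n_users.
    rng = random.Random(seed)
    unguided = [unguided_click(rng) for _ in range(n_users)]
    guided = [pccp_click(rng, max_shuffles) for _ in range(n_users)]
    return hotspot_share(unguided), hotspot_share(guided)

if __name__ == "__main__":
    for cap in (0, 3, 20):
        u, g = simulate(max_shuffles=cap)
        print(f"shuffle cap {cap:2d}: unguided top-3 share {u:.2f}, PCCP {g:.2f}")
```

With no shuffles allowed the top three cells hold only about a quarter of PCCP click-points versus roughly 70% under free choice; as the cap grows, a determined hotspot-seeking user can shuffle their way back to a hotspot, which is why the remarks above suggest bounding or slowing shuffles.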