A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords

Authors: Furkan Tari, A. Ant Ozok, Stephen H. Holden

DOI: 10.1145/1143120.1143128

Keywords: Password strength, Password, Password policy, Shoulder surfing, Social engineering (security), Alphanumeric, Computer science, Human–computer interaction, Internet privacy, Usability, Cognitive password

Abstract: Previous research has found graphical passwords to be more memorable than non-dictionary or "strong" alphanumeric passwords. Participants in a prior study expressed concerns that this increase in memorability could also lead to an increased susceptibility to shoulder-surfing. This appears to be yet another example of the classic trade-off between usability and security for authentication systems. This paper explores whether graphical passwords' increased memorability necessarily leads to increased shoulder-surfing risk. To date, there are no studies examining the vulnerability of graphical versus alphanumeric passwords to shoulder-surfing. This paper examines the real and perceived vulnerability to shoulder-surfing of two configurations of a graphical password, Passfaces™ [30], compared to non-dictionary and dictionary passwords. A laboratory experiment with 20 participants asked them to try to shoulder surf the two configurations of Passfaces™ (mouse versus keyboard data entry) and strong and weak alphanumeric passwords. Data gathered included the vulnerability of the four authentication system configurations to shoulder-surfing and the participants' perceptions concerning that same vulnerability. An analysis of these data compared the relative vulnerability of each of the four configurations to shoulder-surfing and also compared the participants' real and perceived success in shoulder-surfing each configuration. Further analysis examined the relationship between real and perceived success and determined whether there were significant differences in vulnerability to shoulder-surfing. Findings indicate that configuring Passfaces™ for data entry through the keyboard is the most effective deterrent to shoulder-surfing in a laboratory setting, and participants' perceptions were consistent with that result. While participants believed that Passfaces™ with mouse data entry would be the most vulnerable to shoulder-surfing attacks, the empirical results showed that strong alphanumeric passwords were actually more vulnerable.

References (37)
Lorrie Faith Cranor, Simson Garfinkel, "Security and Usability: Designing Secure Systems that People Can Use", O'Reilly Media, 2005.
Sacha Brostoff, M. Angela Sasse, "Are Passfaces More Usable Than Passwords? A Field Trial Investigation", People and Computers XIV — Usability or Else!, pp. 405–424, 2000, doi:10.1007/978-1-4471-0515-2_27.
Manton M. Matthews, Shushuang Man, Dawei Hong, "A shoulder-surfing resistant graphical password scheme", WIW International Workshop on Security, pp. 105–111, 2003.
Fabian Monrose, Ian Jermyn, Aviel D. Rubin, Michael K. Reiter, Alain Mayer, "The design and analysis of graphical passwords", USENIX Security Symposium, 1999.
Alma Whitten, J. D. Tygar, "Why Johnny can't encrypt: a usability evaluation of PGP 5.0", USENIX Security Symposium, 1999.
Fabian Monrose, Darren Davis, Michael K. Reiter, "On user choice in graphical password schemes", USENIX Security Symposium, 2004.
Kevin D. Mitnick, William L. Simon, "The Art of Deception: Controlling the Human Element of Security", John Wiley & Sons, 2001.
Amela Karahasanovic, Gregor E. Kennedy, Richard C. Thomas, "An investigation into keystroke latency metrics as an indicator of programming performance", Australasian Computing Education Conference, pp. 127–134, 2005.
Wayne C. Summers, Edward Bosworth, "Password policy: the good, the bad, and the ugly", Proceedings of the Winter International Symposium on Information and Communication Technologies, pp. 1–6, 2004, doi:10.5555/984720.984724.