Skip to main content
SpringerLink
Log in

Over-the-Shoulder Attack Resistant Graphical Authentication Schemes Impact on Working Memory

  • Conference paper
  • First Online:
Advances in Human Factors in Cybersecurity (AHFE 2019)

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 960))

Included in the following conference series:

Abstract

Alphanumeric passwords are the most commonly employed authentication scheme. However, technical security requirements often make alphanumeric authentication difficult to use. Researchers have developed graphical authentication schemes to help strike a balance between security requirements and usability. However, replacing characters with pictures has introduced both negative (security vulnerabilities) and positive (memorability benefits) outcomes. We are aware of the noteworthy long-term memory advantages of graphical passcodes, but little is known about the impact on users’ limited working memory resources. Authentication is always a secondary task, which probably consumes working memory. This pilot study examines the impact graphical authentication schemes (Convex-Hull Click; Use Your Illusion; What You See is Where you Enter) have on working memory (Verbal; Spatial; Central Executive). Our findings suggest that graphical authentication schemes impact on working memory varies. This work shows that further investigation is needed to understand the complex relationship between scheme design and working memory.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Grawemeyer, B., Johnson, H.: Using and managing multiple passwords: a week to a view. Interact. Comput. 23, 256–267 (2011)

    Article  Google Scholar 

  2. Zviran, M., Haga, W.J.: Password security: an empirical study. J. Man. Info. Sys. 15, 161–185 (1999)

    Article  Google Scholar 

  3. Cain, A.A., Edwards, M.E., Still, J.D.: An exploratory study of cyber hygiene behaviors and knowledge. J. Info. Secur. App. 42, 36–45 (2018)

    Google Scholar 

  4. Still, J.D.: Cybersecurity needs you! ACM Interact. (May + June: Feature). 23, 54–58 (2016)

    Article  Google Scholar 

  5. Cain, A.A., Still, J.D.: Usability comparison of over-the-shoulder attack resistant authentication schemes. J. Usab. Stud. 13, 196–219 (2018)

    Google Scholar 

  6. Cain, A.A., Werner, S., Still, J.D.: Graphical authentication resistance to over-the-shoulder-attacks. In: Proceedings CHI Conference Extended Abstracts, pp. 2416–2422 (2017)

    Google Scholar 

  7. Biddle, R., Chiasson, S., Van Oorschot, P.C.: Graphical passwords: learning from the first twelve years. ACM Comp. Sur. (CSUR) 44, 1–25 (2012)

    Article  Google Scholar 

  8. Mintzer, M.Z., Snodgrass, J.G.: The picture superiority effect: support for the distinctiveness model. Amer. J. Psyc. 112, 113–146 (1999)

    Article  Google Scholar 

  9. Still, J.D., Cain, A., Schuster, D.: Human-centered authentication guidelines. Info. Comp. Sec. 25, 437–453 (2017)

    Google Scholar 

  10. Tulving, E., Thomson, D.M.: Encoding specificity and retrieval processes in episodic memory. Psyc. Rev. 80, 352–373 (1973)

    Article  Google Scholar 

  11. Werner, S., Hauck, C., Masingale, M.: Password entry times for recognition-based graphical passwords. Proc. Hum. Factors Ergon. Soc. Annu. Meet. 60, 755–759 (2016)

    Article  Google Scholar 

  12. Braz, C., Robert, J.: Security and usability: the case of the user authentication methods. In: Proceedings of the 18th International Conference on Association Francophone d’Interaction Homme-Machine, 199–203 (2006)

    Google Scholar 

  13. Baddeley, A.: Working memory. Science 255, 556–559 (1992)

    Article  Google Scholar 

  14. Logie, R.H.: Retiring the central executive. Q. J. Exp. Psychol. (2016). advance online publication

    Google Scholar 

  15. Wiedenbeck, S., Waters, J., Sobrado, L., Birget, J. C.: Design and evaluation of a shoulder-surfing resistant graphical password scheme. In: Proceedings of the Working Conference on Advanced Visual Interfaces, pp. 177–184 (2006)

    Google Scholar 

  16. Hayashi, E., Dhamija, R., Christin, N., Perrig, A.: Use your illusion: secure authentication usable anywhere. In: Proceedings of the 4th Symposium on Usable Privacy and Security, pp. 35–45 (2008)

    Google Scholar 

  17. Khot, R.A., Kumaraguru, P., Srinathan, K.: WYSWYE: shoulder surfing defense for recognition based graphical passwords. In: Proceedings of the 24th Australian CHI Conference, pp. 285–294 (2012)

    Google Scholar 

  18. Ankush, D.A., Husain, S.S.: Authentication scheme for shoulder surfing using graphical and pair based scheme. Intern. J. Adv. Res. Comp. Sci. Mang. Stud. 2, 161–166 (2014)

    Google Scholar 

  19. Behl, U., Bhat, D., Ubhaykar, N., Godbole, V., Kulkarni, S.: Multi-level scalable textual-graphical password authentication scheme for web based applications. J. Electron. Commun. 3, 166–124 (2014)

    Google Scholar 

  20. Chen, Y.L., Ku, W.C., Yeh, Y.C., Liao, D.M.: A simple text-based shoulder surfing resistant graphical password scheme. In: IEEE ISNE, pp. 161–164 (2013)

    Google Scholar 

  21. Joshuva, M., Rani, T.S., John, M.S.: Implementing CHC to counter shoulder surfing attack in PassPoint–style graphical passwords. Intern. J. Adv. Net. App. 2, 906–910 (2011)

    Google Scholar 

  22. Kiran, T.S.R., Rao, K.S., Rao, M.K.: A novel graphical password scheme resistant to peeping attack. Int. J. Comput. Sci. Inf. Technol. 3, 5051–5054 (2012)

    Google Scholar 

  23. Manjunath, G., Satheesh, K., Saranyadevi, C., Nithya, M.: Text-based shoulder surfing resistant graphical password scheme. Intern. J. Comp. Sci. Info. Tech. 5, 2277–2280 (2014)

    Google Scholar 

  24. Rao, K., Yalamanchili, S.: Novel shoulder-surfing resistant authentication schemes using text-graphical passwords. Int. J. Inf. Secur. 1, 163–170 (2012)

    Google Scholar 

  25. Vachaspati, P.S.V., Chakravarthy, A.S.N., Avadhani, P.S.: A novel soft computing authentication scheme for textual and graphical passwords. Intern. J. Comp. App. 71, 42–54 (2013)

    Google Scholar 

  26. Zhao, H., Li, X.: S3PAS: a scalable shoulder-surfing resistant textual-graphical password authentication scheme. In: 21st AINAW, vol. 2, pp. 467–472 (2007)

    Google Scholar 

  27. Tiller, L., Cain, A., Potter, L., Still, J.D.: Graphical authentication schemes: balancing amount of image distortion. In: Ahram, T., Nicholson, D. (eds.) Advances in Human Factors in Cybersecurity, pp. 88–98 (2019)

    Google Scholar 

  28. Cain, A.A., Still, J.D.: A rapid serial visual presentation method for graphical authentication. In: Nicholson, D. (ed.) Advances in Human Factors Cybersecurity, pp. 3–11. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41932-9_1

    Chapter  Google Scholar 

  29. Gao, H., Guo, X., Chen, X., Wang, L., Liu, X.: Yagp: yet another graphical password strategy. In: Computer Security Applications Conference, pp. 121–129 (2008)

    Google Scholar 

  30. Ghori, F., Abbasi, K.: Secure user authentication using graphical passwords. J. Ind. Stud. Res. 11, 34–40 (2013)

    Google Scholar 

  31. Hui, L.T., Bashier, H.K., Hoe, L.S., Kwee, W.K., Sayeed, M.S.: A hybrid graphical password scheme for high-end system. Aust. J. Bas. App. Sci. 8, 23–29 (2014)

    Google Scholar 

  32. Jenkins, R., McLachlan, J.L., Renaud, K.: Facelock: familiarity-based graphical authentication. Peer J. 2, 1–24 (2014)

    Article  Google Scholar 

  33. Lin, D., Dunphy, P., Olivier, P., Yan, J.: Graphical passwords & qualitative spatial relations. In: Proceedings of Symposium on Usable Privacy and Security, pp. 161–162 (2007)

    Google Scholar 

  34. Meng, Y., Li, W.: Enhancing click-draw based graphical passwords using multi-touch on mobile phones. In: IFIP Conference, pp. 55–68 (2013)

    Chapter  Google Scholar 

  35. Nicholson, J.: Design of a Multi-touch shoulder surfing resilient graphical password. B. Sci. Info. Sys. (2009)

    Google Scholar 

  36. Sasamoto, H., Christin, N., Hayashi, E.: Undercover: authentication usable in front of prying eyes. In: Proceedings of the SIGCHI Conference, pp. 183–192 (2008)

    Google Scholar 

  37. Yakovlev, V.A., Arkhipov, V.V.: User authentication based on the chess graphical password scheme resistant to shoulder surfing. Auto. Con. Comp. Sci. 49, 803–812 (2015)

    Article  Google Scholar 

  38. Zakaria, N.H., Griffiths, D., Brostoff, S., Yan, J.: Shoulder surfing defense for recall-based graphical passwords. In: Proceedings of Seventh Symposium on Usable Privacy and Security, pp. 6–18 (2011)

    Google Scholar 

  39. Bianchi, A., Oakley, I., Kim, H.: PassBYOP: bring your own picture for securing graphical passwords. IEEE Trans. Hum. Mach. Syst. 46, 380–389 (2016)

    Article  Google Scholar 

  40. Brostoff, S., Inglesant, P., Sasse, M.A.: Evaluating the usability and security of a graphical one-time PIN system. In: Proceedings of the 24th BCS Interaction Specialist Conference, pp. 88–97 (2010)

    Google Scholar 

  41. De Luca, A., Hertzschuch, K., Hussmann, H.: ColorPIN: securing PIN entry through indirect input. In: Proceedings of the SIGCHI, pp. 1103–1106 (2010)

    Google Scholar 

  42. Gao, H., Liu, X., Dai, R., Wang, S., Chang, X.: Analysis and evaluation of the colorlogin graphical password scheme. In: Fifth International Conference on Image and Graphics, pp. 722–727 (2009)

    Google Scholar 

  43. Gupta, S., Sahni, S., Sabbu, P., Varma, S., Gangashetty, S.V.: Passblot: a highly scalable graphical one time password system. Intern. J. Net. Sec. App. 4, 201–216 (2012)

    Google Scholar 

  44. Kawagoe, K., Sakaguchi, S., Sakon, Y., Huang, H.H.: Tag association based graphical password using image feature matching. In: International Conference on Database Systems for Advanced Applications, pp. 282–286 (2012)

    Chapter  Google Scholar 

  45. Lashkari, A.H., Manaf, A.A., Masrom, M.: A secure recognition based graphical password by watermarking. In: 11th International Conference on Computer and Information Technology, pp. 164–170 (2011)

    Google Scholar 

  46. Perkovic, T., Cagalj, M., Rakic, N.: SSSL: shoulder surfing safe login. In: 17th International Conference Software, Telecommunications & Computer Network, pp. 270–275 (2009)

    Google Scholar 

  47. Zangooei, T., Mansoori, M., Welch, I.: A hybrid recognition and recall based approach in graphical passwords. In: Proceedings of the 24th Australian CHI Conference, pp. 665–673 (2012)

    Google Scholar 

  48. Still, J.D., Dark, V.J.: Examining working memory load and congruency effects on affordances and conventions. Int. J. Hum Comput Stud. 68, 561–571 (2010)

    Article  Google Scholar 

Download references

Acknowledgments

We thank Paige Duplantis, Lauren Tiller, and Ayobami Fakulujo for their assistance collecting data.

Author information

Authors and Affiliations

  1. Psychology of Design Laboratory, Department of Psychology, Old Dominion University, Norfolk, VA, USA

    Jeremiah D. Still & Ashley A. Cain

Authors
  1. Jeremiah D. Still
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ashley A. Cain
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jeremiah D. Still .

Editor information

Editors and Affiliations

  1. Institute for Advanced Systems Engineering, University of Central Florida, Orlando, FL, USA

    Tareq Ahram

  2. University of Central Florida, Orlando, FL, USA

    Waldemar Karwowski

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Still, J.D., Cain, A.A. (2020). Over-the-Shoulder Attack Resistant Graphical Authentication Schemes Impact on Working Memory. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-20488-4_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-20487-7

  • Online ISBN: 978-3-030-20488-4

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation