Abstract
Alphanumeric passwords are the most commonly employed authentication scheme. However, technical security requirements often make alphanumeric authentication difficult to use. Researchers have developed graphical authentication schemes to help strike a balance between security requirements and usability. However, replacing characters with pictures has introduced both negative (security vulnerabilities) and positive (memorability benefits) outcomes. We are aware of the noteworthy long-term memory advantages of graphical passcodes, but little is known about the impact on users’ limited working memory resources. Authentication is always a secondary task, which probably consumes working memory. This pilot study examines the impact graphical authentication schemes (Convex-Hull Click; Use Your Illusion; What You See is Where You Enter) have on working memory (Verbal; Spatial; Central Executive). Our findings suggest that the impact of graphical authentication schemes on working memory varies. This work shows that further investigation is needed to understand the complex relationship between scheme design and working memory.
Acknowledgments
We thank Paige Duplantis, Lauren Tiller, and Ayobami Fakulujo for their assistance collecting data.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Still, J.D., Cain, A.A. (2020). Over-the-Shoulder Attack Resistant Graphical Authentication Schemes Impact on Working Memory. In: Ahram, T., Karwowski, W. (eds) Advances in Human Factors in Cybersecurity. AHFE 2019. Advances in Intelligent Systems and Computing, vol 960. Springer, Cham. https://doi.org/10.1007/978-3-030-20488-4_8
DOI: https://doi.org/10.1007/978-3-030-20488-4_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-20487-7
Online ISBN: 978-3-030-20488-4
eBook Packages: Engineering, Engineering (R0)