Abstract
This paper proposes PassPage, a two-factor graphical password authentication scheme suited to website authentication with enhanced security. It leverages the user’s implicit memory of their web browsing records. Whenever the user tries to log in, the server returns 9 small pages as a challenge and asks the user to select all the pages they have browsed, in addition to entering a text password. We performed user experiments with 12 volunteers. The results showed that the average login success rate on a news website is steadily over 80% once the users are familiar with the login process, and that the login success rate does not decrease sharply within 6 days.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Chu, X., Sun, H., Chen, Z. (2020). PassPage: Graphical Password Authentication Scheme Based on Web Browsing Records. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science, vol 12063. Springer, Cham. https://doi.org/10.1007/978-3-030-54455-3_12
DOI: https://doi.org/10.1007/978-3-030-54455-3_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-54454-6
Online ISBN: 978-3-030-54455-3
eBook Packages: Computer Science, Computer Science (R0)