Abstract
Locimetric authentication is a form of graphical authentication in which users validate their identity by selecting predetermined points on a predetermined image. Its primary advantage over the ubiquitous text-based approach stems from users’ superior ability to remember visual information over textual information, coupled with the authentication process being transformed to one requiring recognition (instead of recall). Ideally, these differentiations enable users to create more complex passwords, which theoretically are more secure. Yet locimetric authentication has one significant weakness: hot-spots. This term refers to areas of an image that users gravitate towards, and which consequently have a higher probability of being selected. Although many strategies have been proposed to counter the hot-spot problem, one area that has received little attention is that of resolution. The hypothesis here is that high-resolution images would afford the user a larger password space, and consequently any hot-spots would dissipate. We employ an experimental approach, where users generate a series of locimetric passwords on either low- or high-resolution images. Our research reveals the presence of hot-spots even in high-resolution images, albeit at a lower level than that exhibited with low-resolution images. We conclude by reinforcing that other techniques – such as existing or new software controls or training – need to be utilized to mitigate the emergence of hot-spots with the locimetric scheme.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Baddeley, A., Turner, R., Mateu, J., Bevan, A.: Hybrids of Gibbs point process models and their implementation. J. Stat. Softw. 55(11), 1–43 (2013). https://doi.org/10.18637/jss.v055.i11
Baddeley, A., et al.: Spatial Point Patterns: Methodology and Applications with R. Chapman and Hall/CRC Press, London (2015)
Baddeley, A., Turner, R.: Spatstat: an R package for analyzing spatial point patterns. J. Stat. Softw. 12(6), 1–42 (2005)
Blonder, G.E.: Graphical password. Patent number: 5559961. United States Patent and Trademark Office (1996)
Bulling, A., et al.: Increasing the security of gaze-based cued-recall graphical passwords using saliency masks. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 3011–3020 ACM Inc., New York (2012). https://doi.org/10.1145/2207676.2208712
Chiasson, S., van Oorschot, P.C., Biddle, R.: Graphical password authentication using cued click points. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 359–374. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74835-9_24
Chiasson, S., et al.: Influencing users towards better passwords: persuasive cued click-points. In: Proceedings of the 22nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction, vol. 1, pp. 121–130. BCS Learning & Development Ltd., Swindon (2008)
Chiasson, S., et al.: Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism. IEEE Trans. Dependable Secure Comput. 9(2), 222–235 (2012). https://doi.org/10.1109/TDSC.2011.55
Clark, P.J., Evans, F.C.: Distance to nearest neighbor as a measure of spatial relationships in populations. Ecology 35(4), 445–453 (1954). https://doi.org/10.2307/1931034
De Angeli, A., et al.: Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. Int. J. Hum. Comput. Stud. 63(1–2), 128–152 (2005). https://doi.org/10.1016/j.ijhcs.2005.04.020
Dirik, A.E., et al.: Modeling user choice in the PassPoints graphical password scheme. In: Proceedings of the 3rd Symposium on Usable Privacy and Security, pp. 20–28. ACM Inc., Pittsburg (2007). https://doi.org/10.1145/1280680.1280684
Donnelly, K.: Simulation to determine the variance and edge-effect of total nearest neighbour distance. In: Hodder, I. (ed.) Simulation Methods in Archeology, pp. 91–95. Cambridge University Press, Cambridge (1978)
Gao, H., Jia, W., Liu, N., Li, K.: The hot-spots problem in Windows 8 graphical password scheme. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds.) CSS 2013. LNCS, vol. 8300, pp. 349–362. Springer, Cham (2013). https://doi.org/10.1007/978-3-319-03584-0_26
Huang, D.-L., Rau, P.-L.P., Salvendy, G.: A survey of factors influencing people’s perception of information security. In: Jacko, J.A. (ed.) HCI 2007. LNCS, vol. 4553, pp. 906–915. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73111-5_100
Petrere, M.: The variance of the index (R) of aggregation of Clark and Evans. Oecologia 68(1), 158–159 (1985). https://doi.org/10.1007/BF00379489
Pixabay: Brush Chalk Color Atelier Paint. https://pixabay.com/photos/brush-chalk-color-atelier-paint-2927793/. Accessed 2 Feb 2021
Pixabay: Car Vehicle Motor Transport. https://pixabay.com/photos/car-vehicle-motor-transport-3046424/. Accessed 2 Feb 2021
Pixabay: Home Interior Room House Furniture. https://pixabay.com/photos/home-interior-room-house-furniture-1438305/. Accessed 2 Feb 2021
Pixabay: Hot Air Balloons Adventure Balloons. https://pixabay.com/photos/hot-air-balloons-adventure-balloons-1867279/. Accessed 2 Feb 2021
Pixabay: Mat Spices. https://pixabay.com/photos/mat-spices-3251064/. Accessed 2 Feb 2021
Pixabay: Santorini City Greece Tourism. https://pixabay.com/photos/santorini-city-greece-tourism-4044972/. Accessed 2 Feb 2021
Pixabay: Vegetables Carrots Garlic Celery. https://pixabay.com/photos/vegetables-carrots-garlic-celery-1212845/. Accessed 2 Feb 2021
Pommerening, A., Stoyan, D.: Edge-correction needs in estimating indices of spatial forest structure. Can. J. For. Res. 36(7), 1723–1739 (2006). https://doi.org/10.1139/x06-060
R Core Team: A language and environment for statistical computing. R Foundation for Statistical Computing, Vienna, Austria (2013). http://www.R-project.org/
Stobert, E., et al.: Exploring usability effects of increasing security in click-based graphical passwords. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 79–88. ACM Inc., New York (2010). https://doi.org/10.1145/1920261.1920273
Thorpe, J., Van Oorschot, P.C.: Human-seeded attacks and exploiting hot-spots in graphical passwords. In: Proceedings of the 16th USENIX Security Symposium, pp. 103–118 (2007). https://www.usenix.org/legacy/events/sec07/tech/full_papers/thorpe/thorpe.pdf. Accessed 11 June 2021
Ur, B., et al.: How does your password measure up? The effect of strength meters on password creation. In: Proceedings of the 21st USENIX Security Symposium, pp. 65–80 (2012). https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final209.pdf. Accessed 11 June 2021
Waskom, M., et al.: mwaskom/seaborn: v0.11.1. Zenodo (2020). https://zenodo.org/record/4379347#.YMQHVjZKh6M. Accessed 11 June 2021
Wiedenbeck, S., et al.: Authentication using graphical passwords: Basic results. In: Proceedings of the 11th International Conference on Human-Computer Interaction International (HCII 2005), Las Vegas, NV (2005). http://www.jimwaters.info/pubs/Graphical-Password-Basic-Results-2005.pdf. Accessed 11 June 2021
Wiedenbeck, S., et al.: Authentication using graphical passwords: Effects of tolerance and image choice. In: Proceedings of the 2005 Symposium on Usable Privacy and Security (2005), pp. 1–12 (2005). https://doi.org/10.1145/1073001.1073002
Wiedenbeck, S., et al.: PassPoints: design and longitudinal evaluation of a graphical password system. Int. J. Hum. Comput. Stud. 63(1), 102–127 (2005). https://doi.org/10.1016/j.ijhcs.2005.04.010
Yıldırım, M., Mackie, I.: Encouraging users to improve password security and memorability. Int. J. Inf. Secur. 18(6), 741–759 (2019). https://doi.org/10.1007/s10207-019-00429-y
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Saravanos, A., Zheng, D., Zervoudakis, S., Delfino, D. (2021). Exploring the Effect of Resolution on the Usability of Locimetric Authentication. In: Stephanidis, C., et al. HCI International 2021 - Late Breaking Papers: Design and User Experience. HCII 2021. Lecture Notes in Computer Science(), vol 13094. Springer, Cham. https://doi.org/10.1007/978-3-030-90238-4_27
Download citation
DOI: https://doi.org/10.1007/978-3-030-90238-4_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90237-7
Online ISBN: 978-3-030-90238-4
eBook Packages: Computer ScienceComputer Science (R0)