Abstract
Passwords are today the most widely used form of authentication, yet they have significant security issues due to the limits of human memorability. Because users cannot remember strong passwords, they generally satisfy only the bare minimum requirements during enrollment. Users with weak passwords are vulnerable to offline password attacks, in which an adversary iteratively guesses the victim’s password and tests each guess for correctness. In this paper, we introduce a new password scheme, the Grid Framework, that takes advantage of current encryption technologies and reduces the user’s effort to create a strong password. The Grid Framework scheme translates an easy-to-remember sequence on a grid into a complex password consisting of randomly selected uppercase, lowercase, numeric, and special symbols, with a minimum length of eighteen characters, that the user is not required to memorize. The Grid Framework results in a system that increases memorability for secure authentication.
Acknowledgments
This work was supported in part by the U.S. National Science Foundation under Grant SES-1318501.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Biocco, P., Anwar, M. (2018). Grid Framework to Address Password Memorability Issues and Offline Password Attacks. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. AHFE 2017. Advances in Intelligent Systems and Computing, vol 593. Springer, Cham. https://doi.org/10.1007/978-3-319-60585-2_6
DOI: https://doi.org/10.1007/978-3-319-60585-2_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-60584-5
Online ISBN: 978-3-319-60585-2
eBook Packages: Engineering, Engineering (R0)