DOI: 10.5555/1251306.1251310

Déjà Vu: a user study using images for authentication

Published: 14 August 2000

Abstract

Current secure systems suffer because they neglect the importance of human factors in security. We address a fundamental weakness of knowledge-based authentication schemes, which is the human limitation to remember secure passwords. Our approach to improve the security of these systems relies on recognition-based, rather than recall-based authentication. We examine the requirements of a recognition-based authentication system and propose Déjà Vu, which authenticates a user through her ability to recognize previously seen images. Déjà Vu is more reliable and easier to use than traditional recall-based schemes, which require the user to precisely recall passwords or PINs. Furthermore, it has the advantage that it prevents users from choosing weak passwords and makes it difficult to write down or share passwords with others.
We develop a prototype of Déjà Vu and conduct a user study that compares it to traditional password and PIN authentication. Our user study shows that 90% of all participants succeeded in the authentication tests using Déjà Vu while only about 70% succeeded using passwords and PINs. Our findings indicate that Déjà Vu has potential applications, especially where text input is hard (e.g., PDAs or ATMs), or in situations where passwords are infrequently used (e.g., web site passwords).



Published In

SSYM'00: Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
August 2000
289 pages

Publisher

USENIX Association

United States

Author Tags

  1. hash visualization
  2. human factors in security
  3. recognition-based authentication
  4. user authentication through image recognition

Qualifiers

  • Article
