Accessible Requires Authentication Published by Oldenbourg Wissenschaftsverlag January 14, 2020

CogniPGA: Longitudinal Evaluation of Picture Gesture Authentication with Cognition-Based Intervention

Christina Katsini, Nikolaos Avouris and Christos Fidas
From the journal i-com

Abstract

There is evidence that the visual behavior of users when creating graphical passwords affects the password strength. Adopting a cognitive style perspective in the interpretation of the results of recent studies revealed that users, depending on their cognitive style, follow different visual exploration paths when creating graphical passwords which affected the password strength. To take advantage of the inherent abilities of people, we proposed CogniPGA, a cued-recall graphical authentication scheme where a cognition-based intervention using gaze data is applied. This paper presents the longitudinal evaluation of the proposed scheme in terms of security, memorability, and usability from a cognitive style perspective. Results strengthen the assumptions that understanding and using the inherent cognitive characteristics of users could enable the design of user-first authentication schemes, where no compromises need to be made on security for benefiting usability or the other way around.

Funding source: Hellenic Foundation for Research and Innovation

Award Identifier / Grant number: 617

Funding statement: This research was supported by the General Secretariat for Research and Technology (GSRT) and the Hellenic Foundation for Research and Innovation (HFRI) – 1st Proclamation of Scholarships for PhD Candidates / Code: 617.

Acknowledgment

We would like to thank all the participants who took part in our study. Special thanks goes to the teaching staff of the two laboratories for their excellent cooperation.

References

[1] Yasemin Acar, Michael Backes, Sascha Fahl, Simson Garfinkel, Doowon Kim, Michelle L. Mazurek and Christian Stransky, Comparing the Usability of Cryptographic APIs, in: 2017 IEEE Symposium on Security and Privacy (SP), pp. 154–171, May 2017. Search in Google Scholar

[2] Florian Alt, Stefan Schneegass, Alireza Sahami Shirazi, Mariam Hassib and Andreas Bulling, Graphical Passwords in the Wild: Understanding How Users Choose Pictures and Passwords in Image-based Authentication Schemes, in: Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI ’15, pp. 316–322, ACM, New York, NY, USA, 2015. Search in Google Scholar

[3] Florian Alt, Mateusz Mikusz, Stefan Schneegass and Andreas Bulling, Memorability of Cued-recall Graphical Passwords with Saliency Masks, in: Proceedings of the 15th International Conference on Mobile and Ubiquitous Multimedia, MUM ’16, pp. 191–200, ACM, New York, NY, USA, 2016. Search in Google Scholar

[4] Charoula Angeli, Nicos Valanides and Paul Kirschner, Field Dependence–Independence and Instructional-Design Effects on Learners’ Performance with a Computer-Modeling Tool, Computers in Human Behavior25 (2009), 1355–1366. Search in Google Scholar

[5] Nalin Asanka Gamagedara Arachchilage, Steve Love and Konstantin Beznosov, Phishing Threat Avoidance Behaviour: An Empirical Investigation, Computers in Human Behavior60 (2016), 185–197. Search in Google Scholar

[6] Steven J. Armstrong, Eva Cools and Eugene Sadler-Smith, Role of Cognitive Styles in Business and Management: Reviewing 40 Years of Research, International Journal of Management Reviews14 (2012), 238–262. Search in Google Scholar

[7] Adam J. Aviv, Devon Budzitowski and Ravi Kuber, Is Bigger Better? Comparing User-Generated Passwords on 3×3 vs. 4×4 Grid Sizes for Android’s Pattern Unlock, in: Proceedings of the 31st Annual Computer Security Applications Conference, ACSAC 2015, pp. 301–310, ACM, New York, NY, USA, 2015. Search in Google Scholar

[8] Marios Belk, Christos Fidas, Panagiotis Germanakos and George Samaras, The Interplay Between Humans, Technology and User Authentication, Computers in Human Behavior76 (2017), 184–200. Search in Google Scholar

[9] Marios Belk, Christos Fidas, Christina Katsini, Nikolaos Avouris and George Samaras, Effects of Human Cognitive Differences on Interaction and Visual Behavior in Graphical User Authentication, in: Human-Computer Interaction – INTERACT 2017 (Regina Bernhaupt, Girish Dalvi, Anirudha Joshi, Devanuj K. Balkrishan, Jacki O’Neill and Marco Winckler, eds.), pp. 287–296, Springer International Publishing, Cham, 2017. Search in Google Scholar

[10] Shlomo Berkovsky, Ronnie Taib, Irena Koprinska, Eileen Wang, Yucheng Zeng, Jingjie Li and Sabina Kleitman, Detecting Personality Traits Using Eye-Tracking Data, in: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, CHI ’19, pp. 221:1–221:12, ACM, New York, NY, USA, 2019. Search in Google Scholar

[11] Andrea Bianchi, Ian Oakley and Hyoungshick Kim, PassBYOP: Bring Your Own Picture for Securing Graphical Passwords, IEEE Transactions on Human-Machine Systems46 (2016), 380–389. Search in Google Scholar

[12] Robert Biddle, Mohammad Mannan, Paul C. van Oorschot and Tara Whalen, User Study, Analysis, and Usable Security of Passwords Based on Digital Objects, IEEE Transactions on Information Forensics and Security6 (2011), 970–979. Search in Google Scholar

[13] Robert Biddle, Sonia Chiasson and Paul C. van Oorschot, Graphical Passwords: Learning from the First Twelve Years, ACM Computing Surveys44 (2012), 19:1–19:41. Search in Google Scholar

[14] John Brooke, SUS - A Quick and Dirty Usability Scale, Usability Evaluation in Industry (Patrick W. Jordan, Bruce Thomas, Bernard A. Weerdmeester and Ian L. McClelland, eds.), Taylor & Francis, London, UK, 1996. Search in Google Scholar

[15] Sacha Brostoff and M. Angela Sasse, Are Passfaces More Usable Than Passwords? A Field Trial Investigation, in: People and Computers XIV – Usability or Else! (Sharon McDonald, Yvonne Waern and Gilbert Cockton, eds.), pp. 405–424, Springer London, London, 2000. Search in Google Scholar

[16] Andreas Bulling, Florian Alt and Albrecht Schmidt, Increasing the Security of Gaze-based Cued-recall Graphical Passwords Using Saliency Masks, in: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI ’12, pp. 3011–3020, ACM, New York, NY, USA, 2012. Search in Google Scholar

[17] Hsin-Yi Chiang and Sonia Chiasson, Improving User Authentication on Mobile Devices: A Touchscreen Graphical Password, in: Proceedings of the 15th International Conference on Human-computer Interaction with Mobile Devices and Services, MobileHCI ’13, pp. 251–260, ACM, New York, NY, USA, 2013. Search in Google Scholar

[18] Sonia Chiasson, Robert Biddle and Paul C. van Oorschot, A Second Look at the Usability of Click-based Graphical Passwords, in: Proceedings of the 3rd Symposium on Usable Privacy and Security, SOUPS ’07, pp. 1–12, ACM, New York, NY, USA, 2007. Search in Google Scholar

[19] Sonia Chiasson, Paul C. van Oorschot and Robert Biddle, Graphical Password Authentication Using Cued Click Points, in: Computer Security – ESORICS 2007 (Joachim Biskup and Javier López, eds.), pp. 359–374, Springer Berlin Heidelberg, Berlin, Heidelberg, 2007. Search in Google Scholar

[20] Sonia Chiasson, Alain Forget, Robert Biddle and Paul C. van Oorschot, Influencing Users Towards Better Passwords: Persuasive Cued Click-points, in: Proceedings of the 22Nd British HCI Group Annual Conference on People and Computers: Culture, Creativity, Interaction - Volume 1, BCS-HCI ’08, pp. 121–130, British Computer Society, Swinton, UK, UK, 2008. Search in Google Scholar

[21] Sonia Chiasson, Alain Forget, Elizabeth Stobert, Paul C. van Oorschot and Robert Biddle, Multiple Password Interference in Text Passwords and Click-based Graphical Passwords, in: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS ’09, pp. 500–511, ACM, New York, NY, USA, 2009. Search in Google Scholar

[22] Sonia Chiasson, Elizabeth Stobert, Alain Forget, Robert Biddle and Paul C. van Oorschot, Persuasive cued click-points: Design, implementation, and evaluation of a knowledge-based authentication mechanism, IEEE Transactions on Dependable and Secure Computing9 (2012), 222–235. Search in Google Scholar

[23] Soumyadeb Chowdhury, Ron Poet and Lewis Mackenzie, A Comprehensive Study of the Usability of Multiple Graphical Passwords, in: Human-Computer Interaction – INTERACT 2013 (Paula Kotzé, Gary Marsden, Gitte Lindgaard, Janet Wesson and Marco Winckler, eds.), pp. 424–441, Springer Berlin Heidelberg, Berlin, Heidelberg, 2013. Search in Google Scholar

[24] Gradeigh D. Clark, Janne Lindqvist and Antti Oulasvirta, Composition Policies for Gesture Passwords: User Choice, Security, Usability and Memorability, in: 2017 IEEE Conference on Communications and Network Security (CNS), pp. 1–9, IEEE, October 2017. Search in Google Scholar

[25] Darren Davis, Fabian Monrose and Michael K. Reiter, On User Choice in Graphical Password Schemes, in: Proceedings of the 13th Conference on USENIX Security Symposium - Volume 13, SSYM’04, pp. 151–164, USENIX Association, Berkeley, CA, USA, 2004. Search in Google Scholar

[26] Antonella De Angeli, Mike Coutts, Lynne Coventry, Graham I. Johnson, David Cameron and Martin H. Fischer, VIP: A Visual Approach to User Authentication, in: Proceedings of the Working Conference on Advanced Visual Interfaces, AVI ’02, pp. 316–323, ACM, New York, NY, USA, 2002. Search in Google Scholar

[27] Antonella De Angeli, Lynne Coventry, Graham Johnson and Karen Renaud, Is a Picture Really Worth a Thousand Words? Exploring the Feasibility of Graphical Authentication Systems, International Journal of Human-Computer Studies63 (2005), 128–152. Search in Google Scholar

[28] Rachna Dhamija and Adrian Perrig, DéJà Vu: A User Study Using Images for Authentication, in: Proceedings of the 9th Conference on USENIX Security Symposium - Volume 9, SSYM’00, pp. 45–58, USENIX Association, Berkeley, CA, USA, 2000. Search in Google Scholar

[29] Paul Dunphy and Jeff Yan, Do Background Images Improve “Draw a Secret” Graphical Passwords?, in: Proceedings of the 14th ACM Conference on Computer and Communications Security, CCS ’07, pp. 36–47, ACM, New York, NY, USA, 2007. Search in Google Scholar

[30] Paul Dunphy, Andreas P. Heiner and N. Asokan, A Closer Look at Recognition-based Graphical Passwords on Mobile Devices, in: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS ’10, pp. 3:1–3:12, ACM, New York, NY, USA, 2010. Search in Google Scholar

[31] Rosanne English and Ron Poet, Measuring the Revised Guessability of Graphical Passwords, in: 2011 5th International Conference on Network and System Security, pp. 364–368, September 2011. Search in Google Scholar

[32] Yannick Forster, Frederik Naujoks and Alexandra Neukum, Your Turn or My Turn?: Design of a Human-Machine Interface for Conditional Automation, in: Proceedings of the 8th International Conference on Automotive User Interfaces and Interactive Vehicular Applications, Automotive’UI 16, pp. 253–260, ACM, New York, NY, USA, 2016. Search in Google Scholar

[33] Enrique Frias-Martinez, Sherry Y. Chen and Xiaohui Liu, Evaluation of a Personalized Digital Library based on Cognitive Styles: Adaptivity vs. Adaptability, International Journal of Information Management29 (2009), 48–56. Search in Google Scholar

[34] Markus Funk, Karola Marky, Iori Mizutani, Mareike Kritzler, Simon Mayer and Florian Michahelles, LookUnlock: Using Spatial-Targets for User-Authentication on HMDs, in: Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems, CHI EA ’19, pp. LBW0114:1–LBW0114:6, ACM, New York, NY, USA, 2019. Search in Google Scholar

[35] Haichang Gao, Zhongjie Ren, Xiuling Chang, Xiyang Liu and Uwe Aickelin, A New Graphical Password Scheme Resistant to Shoulder-Surfing, in: 2010 International Conference on Cyberworlds, pp. 194–199, IEEE, October 2010. Search in Google Scholar

[36] Ceenu George, Mohamed Khamis, Emanuel von Zezschwitz, Marinus Burger, Henri Schmidt, Florian Alt and Heinrich Hussmann, Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality, in: Proceedings 2017 Workshop on Usable Security, NDSS, Internet Society, 2017. Search in Google Scholar

[37] Ceenu George, Mohamed Khamis, Daniel Buschek and Heinrich Hussmann, Investigating the Third Dimension for Authentication in Immersive Virtual Reality and in the Real World, in: 2019 IEEE Conference on Virtual Reality and 3D User Interfaces (VR), pp. 277–285, IEEE, March 2019. Search in Google Scholar

[38] Barney G. Glaser and Anselm L. Strauss, Discovery of Grounded Theory: Strategies for Qualitative Research, Routledge, New York, NY, USA, July 2017. Search in Google Scholar

[39] George Hadjidemetriou, Marios Belk, Christos Fidas and Andreas Pitsillides, Picture Passwords in Mixed Reality: Implementation and Evaluation, in: Extended Abstracts of the 2019 CHI Conference on Human Factors in Computing Systems, CHI EA ’19, pp. LBW0263:1–LBW0263:6, ACM, New York, NY, USA, 2019. Search in Google Scholar

[40] Jon-Chao Hong, Ming-Yueh Hwang, Ker-Ping Tam, Yi-Hsuan Lai and Li-Chun Liu, Effects of Cognitive Style on Digital Jigsaw Puzzle Performance: A GridWare Analysis, Computers in Human Behavior28 (2012), 920–928. Search in Google Scholar

[41] Wei Hu, Xiaoping Wu and Guoheng Wei, The Security Analysis of Graphical Passwords, in: 2010 International Conference on Communications and Intelligence Information Security, pp. 200–203, October 2010. Search in Google Scholar

[42] Gwo-Jen Hwang, Han-Yu Sung, Chun-Ming Hung, Iwen Huang and Chin-Chung Tsai, Development of a Personalized Educational Computer Game based on Students’ Learning Styles, Educational Technology Research and Development60 (2012), 623–638. Search in Google Scholar

[43] Ian Jermyn, Alain Mayer, Fabian Monrose, Michael K. Reiter and Aviel D. Rubin, The Design and Analysis of Graphical Passwords, Proceedings of the 8th Conference on USENIX Security Symposium - Volume 8, SSYM’99, USENIX Association, Berkeley, CA, USA, 1999, pp. 1–14. Search in Google Scholar

[44] Maurits Kaptein and Petri Parvinen, Advancing E-Commerce Personalization: Process Framework and Case Study, International Journal of Electronic Commerce19 (2015), 7–33. Search in Google Scholar

[45] Christina Katsini, Christos Fidas, Marios Belk, Nikolaos Avouris and George Samaras, Influences of Users’ Cognitive Strategies on Graphical Password Composition, in: Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems, CHI EA ’17, pp. 2698–2705, ACM, New York, NY, USA, 2017. Search in Google Scholar

[46] Christina Katsini, Christos Fidas, George E. Raptis, Marios Belk, George Samaras and Nikolaos Avouris, Eye Gaze-driven Prediction of Cognitive Differences During Graphical Password Composition, in: 23rd International Conference on Intelligent User Interfaces, IUI ’18, pp. 147–152, ACM, New York, NY, USA, 2018. Search in Google Scholar

[47] Christina Katsini, Christos Fidas, George E. Raptis, Marios Belk, George Samaras and Nikolaos Avouris, Influences of Human Cognition and Visual Behavior on Password Strength During Picture Password Composition, in: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, CHI ’18, pp. 87:1–87:14, ACM, New York, NY, USA, 2018. Search in Google Scholar

[48] Christina Katsini, George E. Raptis, Christos Fidas and Nikolaos Avouris, Does Image Grid Visualization Affect Password Strength and Creation Time in Graphical Authentication?, in: Proceedings of the 2018 International Conference on Advanced Visual Interfaces, AVI ’18, pp. 33:1–33:5, ACM, New York, NY, USA, 2018. Search in Google Scholar

[49] Christina Katsini, George E. Raptis, Christos Fidas and Nikolaos Avouris, Towards Gaze-based Quantification of the Security of Graphical Authentication Schemes, in: Proceedings of the 2018 ACM Symposium on Eye Tracking Research & Applications, ETRA ’18, pp. 17:1–17:5, ACM, New York, NY, USA, 2018. Search in Google Scholar

[50] Christina Katsini, Christos Fidas, Marios Belk, George Samaras and Nikolaos Avouris, A Human-Cognitive Perspective of Users’ Password Choices in Recognition-Based Graphical Authentication, International Journal of Human–Computer Interaction (2019), 1–13. Search in Google Scholar

[51] Patrick Gage Kelley, Saranga Komanduri, Michelle L. Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor and Julio Lopez, Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking Algorithms, in: 2012 IEEE Symposium on Security and Privacy, IEEE, May 2012. Search in Google Scholar

[52] Hassan Khan, Urs Hengartner and Daniel Vogel, Usability and Security Perceptions of Implicit Authentication: Convenient, Secure, Sometimes Annoying, in: Proceedings of the Eleventh USENIX Conference on Usable Privacy and Security, SOUPS’15, pp. 225–239, USENIX Association, Berkeley, CA, USA, 2015. Search in Google Scholar

[53] Mohammad Khatib and Rasoul Mohammad Hosseinpur, On the Validity of the Group Embedded Figure Test (GEFT), Journal of Language Teaching and Research2 (2011). Search in Google Scholar

[54] Maria Kozhevnikov, Cognitive Styles in the Context of Modern Psychology: Toward an Integrated Framework of Cognitive Style, Psychological Bulletin133 (2007), 464–481. Search in Google Scholar

[55] Oskar Ku, Chi-Chen Hou and Sherry Y. Chen, Incorporating Customization and Personalization into Game-based Learning: A Cognitive Style Perspective, Computers in Human Behavior65 (2016), 359–368. Search in Google Scholar

[56] Ximing Liu, Yingjiu Li and Robert H. Deng, Typing-Proof: Usable, Secure and Low-Cost Two-Factor Authentication Based on Keystroke Timings, in: Proceedings of the 34th Annual Computer Security Applications Conference, ACSAC ’18, pp. 53–65, ACM, New York, NY, USA, 2018. Search in Google Scholar

[57] Jia-Jiunn Lo and Yun-Jay Wang, Development of an Adaptive EC Website With Online Identified Cognitive Styles of Anonymous Customers, International Journal of Human-Computer Interaction28 (2012), 560–575. Search in Google Scholar

[58] Andrew Luxton-Reilly, Emma McMillan, Elizabeth Stevenson, Ewan Tempero and Paul Denny, Ladebug: An Online Tool to Help Novice Programmers Improve Their Debugging Skills, in: Proceedings of the 23rd Annual ACM Conference on Innovation and Technology in Computer Science Education, ITiCSE 2018, pp. 159–164, ACM, New York, NY, USA, 2018. Search in Google Scholar

[59] Stephen Madigan, Picture Memory, Imagery, Memory and Cognition: Essays in Honor of Allan Paivio (John C. Yuille, ed.), Lawrence Erlbaum Associates, Hillsdale, NJ, USA, 1983, pp. 65–89. Search in Google Scholar

[60] Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay and Blase Ur, Measuring Password Guessability for an Entire University, in: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS ’13, pp. 173–186, ACM, New York, NY, USA, 2013. Search in Google Scholar

[61] Martin Mihajlov and Borka Jerman-Blažič, On Designing Usable and Secure Recognition-based Graphical Authentication Mechanisms, Interacting with Computers23 (2011), 582–593. Search in Google Scholar

[62] Deborah Nelson and Kim-Phuong L. Vu, Effectiveness of Image-based Mnemonic Techniques for Enhancing the Memorability and Security of User-generated Passwords, Computers in Human Behavior26 (2010), 705–715. Search in Google Scholar

[63] Toan Nguyen and Nasir Memon, Tap-based User Authentication for Smartwatches, Computers & Security78 (2018), 174–186. Search in Google Scholar

[64] Toan Nguyen, Napa Sae-Bae and Nasir Memon, DRAW-A-PIN: Authentication Using Finger-drawn PIN on Touch Devices, Computers & Security66 (2017), 115–128. Search in Google Scholar

[65] Efi A. Nisiforou and Andrew Laghos, Do the Eyes Have It? Using Eye Tracking to Assess Students Cognitive Dimensions, Educational Media International50 (2013), 247–265. Search in Google Scholar

[66] Philip K. Oltman, Evelyn Raskin and Herman A. Witkin, Group Embedded Figures Test, Consulting Psychologists Press, Palo Alto, CA, USA, 1971. Search in Google Scholar

[67] Zach Pace, Signing in With a Picture Password, December 2011. Search in Google Scholar

[68] Allan Paivio and Kalman Csapo, Short-term Sequential Memory for Pictures and Words, Psychonomic Science24 (1971), 50–51. Search in Google Scholar

[69] Federico Perazzi, Philipp Krähenbühl, Yael Pritch and Alexander Hornung, Saliency Filters: Contrast Based Filtering for Salient Region Detection, in: 2012 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 733–740, IEEE, 2012. Search in Google Scholar

[70] George E. Raptis, Christos A. Fidas and Nikolaos M. Avouris, Do Field Dependence-Independence Differences of Game Players Affect Performance and Behaviour in Cultural Heritage Games?, in: Proceedings of the 2016 Annual Symposium on Computer-Human Interaction in Play, CHI PLAY ’16, pp. 38–43, ACM, New York, NY, USA, 2016. Search in Google Scholar

[71] George E. Raptis, Christina Katsini, Marios Belk, Christos Fidas, George Samaras and Nikolaos Avouris, Using Eye Gaze Data and Visual Activities to Infer Human Cognitive Styles: Method and Feasibility Studies, in: Proceedings of the 25th Conference on User Modeling, Adaptation and Personalization, UMAP ’17, pp. 164–173, ACM, New York, NY, USA, 2017. Search in Google Scholar

[72] George E. Raptis, Christos Fidas, Christina Katsini and Nikolaos Avouris, A Cognition-centered Personalization Framework for Cultural-Heritage Content, User Modeling and User-Adapted Interaction29 (2019), 9–65. Search in Google Scholar

[73] Karen Renaud, Peter Mayer, Melanie Volkamer and Joseph Maguire, Are Graphical Authentication Mechanisms as Strong as Passwords?, in: 2013 Federated Conference on Computer Science and Information Systems, pp. 837–844, September 2013. Search in Google Scholar

[74] Amir Sadovnik and Tsuhan Chen, A Visual Dictionary Attack on Picture Passwords, in: 2013 IEEE International Conference on Image Processing, pp. 4447–4451, September 2013. Search in Google Scholar

[75] Elizabeth Stobert and Robert Biddle, Memory Retrieval and Graphical Passwords, in: Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS ’13, pp. 15:1–15:14, ACM, New York, NY, USA, 2013. Search in Google Scholar

[76] Elizabeth Stobert and Robert Biddle, The Password Life Cycle, ACM Transactions on Privacy and Security (TOPS)21 (2018), 13:1–13:32. Search in Google Scholar

[77] Elizabeth Stobert, Alain Forget, Sonia Chiasson, Paul C. van Oorschot and Robert Biddle, Exploring Usability Effects of Increasing Security in Click-based Graphical Passwords, in: Proceedings of the 26th Annual Computer Security Applications Conference, ACSAC ’10, pp. 79–88, ACM, New York, NY, USA, 2010. Search in Google Scholar

[78] Huiping Sun, Ke Wang, Xu Li, Nan Qin and Zhong Chen, PassApp: My App is My Password!, in: Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI ’15, pp. 306–315, ACM, New York, NY, USA, 2015. Search in Google Scholar

[79] Hai Tao and Carlisle Adams, Pass-go: A Proposal to Improve the Usability of Graphical Passwords, International Journal of Network Security7 (2008), 273–292. Search in Google Scholar

[80] Gary F. Templeton, A Two-step Approach for Transforming Continuous Variables to Normal: Implications and Recommendations for IS Research, Communications of the Association for Information Systems (CAIS)28 (2011), 41–58. Search in Google Scholar

[81] Julie Thorpe and Paul C. van Oorschot, Human-Seeded Attacks and Exploiting Hot-Spots in Graphical Passwords, in: Proceedings of the 16th Conference on USENIX Security Symposium, SS’07, pp. 103–118, USENIX Association, Berkeley, CA, USA, 2007. Search in Google Scholar

[82] Julie Thorpe, Brent MacRae and Amirali Salehi-Abari, Usability and Security Evaluation of GeoPass: A Geographic Location-password Scheme, in: Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS ’13, pp. 14:1–14:14, ACM, New York, NY, USA, 2013. Search in Google Scholar

[83] Julie Thorpe, Muath Al-Badawi, Brent MacRae and Amirali Salehi-Abari, The Presentation Effect on Graphical Passwords, in: Proceedings of the 32Nd Annual ACM Conference on Human Factors in Computing Systems, CHI ’14, pp. 2947–2950, ACM, New York, NY, USA, 2014. Search in Google Scholar

[84] Judy C.R. Tseng, Hui-Chun Chu, Gwo-Jen Hwang and Chin-Chung Tsai, Development of an Adaptive Learning System with Two Sources of Personalization Information, Computers & Education51 (2008), 776–786. Search in Google Scholar

[85] M.N.M. van Lieshout and Adrian Baddeley, A Nonparametric Measure of Spatial Interaction in Point Patterns, Statistica Neerlandica50 (1996), 344–361. Search in Google Scholar

[86] Paul C. van Oorschot, Amirali Salehi-Abari and Julie Thorpe, Purely Automated Attacks on PassPoints-Style Graphical Passwords, IEEE Transactions on Information Forensics and Security5 (2010), 393–405. Search in Google Scholar

[87] Kim-Phuong L. Vu, Robert W. Proctor, Abhilasha Bhargav-Spantzel, Bik-Lam (Belin) Tai, Joshua Cook and E. Eugene Schultz, Improving Password Security and Memorability to Protect Personal and Organizational Information, International Journal of Human-Computer Studies65 (2007), 744–757. Search in Google Scholar

[88] Xiang-Yang Wang, Yong-Wei Li, Pan-Pan Niu, Hong-Ying Yang and Dong-Ming Li, Content-based Image Retrieval using Visual Attention Point Features, Fundamenta Informaticae135 (2014), 309–329. Search in Google Scholar

[89] Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy and Nasir Memon, Authentication Using Graphical Passwords: Effects of Tolerance and Image Choice, in: Proceedings of the 2005 Symposium on Usable Privacy and Security, SOUPS ’05, pp. 1–12, ACM, New York, NY, USA, 2005. Search in Google Scholar

[90] Susan Wiedenbeck, Jim Waters, Jean-Camille Birget, Alex Brodskiy and Nasir Memon, PassPoints: Design and Longitudinal Evaluation of a Graphical Password System, International Journal of Human-Computer Studies63 (2005), 102–127. Search in Google Scholar

[91] Herman A. Witkin, Carol Ann Moore, Donald R. Goodenough and Patricia W. Cox, Field-Dependent and Field-Independent Cognitive Styles and Their Educational Implications, ETS Research Bulletin Series1975 (1975), 1–64. Search in Google Scholar

[92] Nicholas Wright, Andrew S. Patrick and Robert Biddle, Do You See Your Password?: Applying Recognition to Textual Passwords, in: Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS ’12, pp. 8:1–8:14, ACM, New York, NY, USA, 2012. Search in Google Scholar

[93] Honghai Yu and Stefan Winkler, Image Complexity and Spatial Information, in: 2013 Fifth International Workshop on Quality of Multimedia Experience (QoMEX), pp. 12–17, IEEE, 2013. Search in Google Scholar

[94] Zhen Yu, Hai-Ning Liang, Charles Fleming and Ka Lok Man, An Exploration of Usable Authentication Mechanisms for Virtual Reality Systems, in: 2016 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS), pp. 458–460, October 2016. Search in Google Scholar

[95] Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo and Hongxin Hu, On the Security of Picture Gesture Authentication, in: Proceedings of the 22Nd USENIX Conference on Security, SEC’13, pp. 383–398, USENIX Association, Berkeley, CA, USA, 2013. Search in Google Scholar

[96] Ziming Zhao, Gail-Joon Ahn and Hongxin Hu, Picture Gesture Authentication: Empirical Analysis, Automated Attacks, and Scheme Evaluation, ACM Transactions on Information and System Security (TISSEC)17 (2015), 14:1–14:37. Search in Google Scholar

Published Online: 2020-01-14
Published in Print: 2019-11-18

© 2019 Walter de Gruyter GmbH, Berlin/Boston