Graphical passwords as browser extension: Implementation and usability study


Creative Commons License

Bicakci K., Yuceel M., Erdeniz B., Gurbaslar H., Atalay N. B.

3rd IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2009, Indiana, Amerika Birleşik Devletleri, 15 - 19 Haziran 2009, cilt.300, ss.15-29 identifier

  • Yayın Türü: Bildiri / Tam Metin Bildiri
  • Cilt numarası: 300
  • Doi Numarası: 10.1007/978-3-642-02056-8_2
  • Basıldığı Şehir: Indiana
  • Basıldığı Ülke: Amerika Birleşik Devletleri
  • Sayfa Sayıları: ss.15-29
  • Anahtar Kelimeler: Authe ntication, Graphical password, Password manager, Usable security
  • İstanbul Teknik Üniversitesi Adresli: Hayır

Özet

© IFIP International Federation for Information Processing 2009.Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. specifically; we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.