By Topic

Catch me if you can: Using self-camouflaging images to strengthen graphical passwords

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Mihai Ordean ; Communications Department, Technical University of Cluj-Napoca, 6-28 George Baritiu St, Room 364, Cluj-Napoca, Romania ; Karen Renaud

In the last decade graphical passwords have been proposed as a viable alternative to the problematical password. One of the most popular of these is the recognition-based graphical password, where the user clicks secret images from one or more challenge sets of images, in order to authenticate. While these mechanisms have provable memorability advantages, they are easily as vulnerable to automated sniffing attacks, password-capturing and password computation mechanisms, as are passwords themselves. For example, an attacker can use software to automatically scrape the challenge set images, display these on a duplicate site, and then entice the genuine account owner to reveal the authentication secret. Here we propose a mechanism for addressing this particular weakness of recognition-based graphical passwords. We propose a constantly changing image set, implementing a kind of one-time-password (OTP), which will confound automated attacks by continuously changing the imprint of the secret images. It is vital to ensure that the displayable quality of the images is not compromised so that the genuine user can still authenticate without difficulty. Fortunately usability testing showed that the enhanced security model had no impact on the user authentication process. All the benefits of graphical passwords, such as ease of use and increased memorability, are preserved whilst resisting automated attacks.

Published in:

Intelligent Computer Communication and Processing (ICCP), 2012 IEEE International Conference on

Date of Conference:

Aug. 30 2012-Sept. 1 2012