
Graphical Password System and Secondary Authentication

Graphical Password System and Secondary Authentication. Alyssa Ritchie Mentor: Stephen Huang August 12, 2011. Topics. Recap Background Our goals Graphical Password System Design Security Secondary Authentication Information availability Probability of question selection.


Presentation Transcript


  1. Graphical Password System and Secondary Authentication Alyssa Ritchie Mentor: Stephen Huang August 12, 2011

  2. Topics
     • Recap
     • Background
     • Our goals
     • Graphical Password System
     • Design
     • Security
     • Secondary Authentication
     • Information availability
     • Probability of question selection

  3. Background: Phishing
     • Social engineering attack that tricks users into voluntarily giving away their username and password.
     • Easy to give away an alphanumeric password.
     • Common technique: website forgery

  4. Background: Security Questions
     • Second defense for accounts.
     • Many sites can email password resets; however, if you forget your email password, then you need another way to get in.
     • Questions may have a limited answer pool or guessable/searchable answers.

  5. Our Goals
     • Create a graphical augmentation to the password
     • Increase security for the user by
       • requiring the website to authenticate itself
       • slowing down the user’s instinct of typing an alphanumerical password
     • Help prevent phishing
     • Show two weaknesses that security questions suffer from:
       • Information available in the public domain can allow attackers access to a user’s account
       • Not all questions are equally likely to be selected, thus making the answers easier to obtain

  6. Background: Graphical Passwords
     • Picture superiority effect:
       • People are able to remember images better than text
     • Types of graphical passwords
       • Pure recall
       • Cued recall
       • Recognition
     • Users tend to remember and have higher authentication success rates with recognition systems

  7. The Design
     • User chooses 10 images to augment their password
     [Figure: "Choose Your Images" screen]

  8. The Design
     • At login:
       • Displays a 6x6 grid of images
       • 3 are from the user’s password images
     • To successfully log in:
       • User identifies 2 of the 3 images that are associated with their account, and
       • Enters their alphanumeric password
     [Figure: login screen with a "Select your images" grid and an "Enter Password" field]

  9. Security
     • A blind guess has less than 0.5% chance of being correct.
     • There is only a 2% chance that the images selected by the user will be reused on the next login attempt.
     • Harder for phishers to get access to the password.
     • Helps authenticate the website
     • Graphical password is difficult for the users to reveal

  10. Secondary Authentication: Facebook
     • In recent years, people have become more aware of the personal information they post on the Internet, wary of identity theft, predators, etc.
     • However, a lot of personal information can be found easily on social networking sites like Facebook.

  11. Secondary Authentication: Facebook On a small-scale search, we found the following information out of 48 people:

  12. Secondary Authentication: Facebook
     • Most people would friend someone whether or not they know them
     • Search shows attackers could likely find answers to factual questions
     • Many people have preferences such as their favorite band or athlete displayed

  13. Probability of question being picked
     • Hypothesis:
       • Not all questions provided by a website have an equal probability of being selected by the user.
     • Danger: If not all questions are likely to be selected, then it reduces the security of the secret question.
     • To test, I conducted a survey among 13 undergraduate and graduate students.

  14. Survey Results: Questions that aren’t applicable
     • About 60% of the questions weren’t applicable to the students

  15. Survey Results: Questions that are picked
     • 11 questions (out of 50) were picked by 2 or more students
     • The most popular option was to write their own question

  16. Conclusion
     • Although no definite conclusion can be drawn by such a limited survey, we see indications that our hypothesis is correct.
     • Future Work:
       • A more extensive survey over a wider demographic would allow us to conclude with more certainty that our hypothesis is correct.

  17. Questions?
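
The two percentages on slide 9 can be checked against the design on slides 7 and 8. The following is an added example, not code from the presentation: it computes both figures exactly and confirms them by simulation. It assumes the 3 displayed images are drawn uniformly from the user's 10 and that the user clicks a uniformly random 2 of those 3, which is one reading that reproduces the 2% figure; all function names are hypothetical.

```python
from fractions import Fraction
from math import comb
import random

GRID = 36       # cells in the 6x6 login grid (slide 8)
PORTFOLIO = 10  # images the user chose when setting up the account (slide 7)
SHOWN = 3       # portfolio images placed in each grid
NEEDED = 2      # portfolio images the user must identify

def blind_guess_probability():
    """P(NEEDED cells picked uniformly at random are all portfolio images)."""
    return Fraction(comb(SHOWN, NEEDED), comb(GRID, NEEDED))

def pair_reuse_probability():
    """P(the same NEEDED images are clicked on two consecutive logins).

    Assumption (not stated on the slides): the SHOWN images are drawn
    uniformly from the portfolio and the user clicks a uniform subset of them.
    """
    both_shown = Fraction(comb(PORTFOLIO - NEEDED, SHOWN - NEEDED),
                          comb(PORTFOLIO, SHOWN))
    return both_shown / comb(SHOWN, NEEDED)

def simulate(trials=100_000, seed=2011):
    """Monte Carlo check of both figures under the same assumptions."""
    rng = random.Random(seed)
    hits = reuse = 0
    last_clicked = None
    for _ in range(trials):
        # Grid cells that hold the user's images in this challenge.
        cells = set(rng.sample(range(GRID), SHOWN))
        # A blind guess clicks NEEDED distinct cells at random.
        hits += set(rng.sample(range(GRID), NEEDED)) <= cells
        # Legitimate user: which portfolio images appear, which get clicked.
        shown = rng.sample(range(PORTFOLIO), SHOWN)
        clicked = frozenset(rng.sample(shown, NEEDED))
        reuse += clicked == last_clicked
        last_clicked = clicked
    return hits / trials, reuse / trials

if __name__ == "__main__":
    print("blind guess:", blind_guess_probability(), float(blind_guess_probability()))
    print("pair reuse :", pair_reuse_probability(), float(pair_reuse_probability()))
    print("simulated  :", simulate())
```

The exact values are 3/630 = 1/210 (about 0.48%) for a blind guess and 1/45 (about 2.2%) for reuse of the same image pair, consistent with the "less than 0.5%" and "2%" figures on slide 9.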
