
Pseudo-Passwords and Non-textual Approaches

Beyond passwords—graphical authentication

Advances in User Authentication

Part of the book series: Infosys Science Foundation Series (ISFSASE)


Abstract

This chapter describes various approaches that complement passwords, namely Honeywords, Cracking-Resistant Password Vaults using Natural Encoders, Bloom Filters, and non-textual and graphical passwords, to protect user identities against any type of credential breach. At the end, a comparison of various non-textual passwords is provided, highlighting their strengths and weaknesses.



Corresponding author

Correspondence to Dipankar Dasgupta.

Review Questions

  1. Explain the concept of the «Honeyword» approach.

  2. Describe an algorithm for «Honeyword» generation.

  3. Illustrate Honey checker systems with a diagram.

  4. Explain the n-gram model related to non-password system (Resistant Password Vaults using Natural Language Encoders).

  5. What is a Bloom Filter? Explain its working principles.

  6. Give a qualitative comparison of NAS, Honeywords, and Bloom Filter.

  7. Describe different graphical password-based approaches.

  8. Mention some possible attacks on graphical passwords.

  9. Make a comparative table of graphical passwords in terms of usability and security issues.

  10. Provide a qualitative comparison among different non-password-based authentication methods.

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Dasgupta, D., Roy, A., Nag, A. (2017). Pseudo-Passwords and Non-textual Approaches. In: Advances in User Authentication. Infosys Science Foundation Series. Springer, Cham. https://doi.org/10.1007/978-3-319-58808-7_4


  • DOI: https://doi.org/10.1007/978-3-319-58808-7_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58806-3

  • Online ISBN: 978-3-319-58808-7

  • eBook Packages: Computer Science (R0)
