Jul 11

Creative without strategy is called ‘art‘. Creative with strategy is called ‘advertising‘

-- Jef I. Richards

 
 

Featured chapter

Marc Hassenzahl explains the fascinating concept of User Experience and Experience Design. Commentaries by Don Norman, Eric Reiss, Mark Blythe, and Whitney Hess

User Experience and Experience Design !

 
 

Our Latest Books

Kumar and Herger 2013: Gamification at Work: Designing Engaging Business Software...
by Janaki Mythily Kumar and Mario Herger

 
Start reading

Whitworth and Ahmad 2013: The Social Design of Technical Systems: Building technologies for communities...
by Brian Whitworth and Adnan Ahmad

 
Start reading

Soegaard and Dam 2013: The Encyclopedia of Human-Computer Interaction, 2nd Ed....
by Mads Soegaard and Rikke Friis Dam

 
Start reading
 
 

Help us help you!

 
 

Sacha Brostoff

Add description
Add publication

Publications by Sacha Brostoff (bibliography)

 what's this?
2011
 
Edit | Del

Zakaria, Nur Haryani, Griffiths, David, Brostoff, Sacha and Yan, Jeff (2011): Shoulder surfing defence for recall-based graphical passwords. In: Proceedings of the 2011 Symposium on Usable Privacy and Security 2011. p. 6.

Graphical passwords are often considered prone to shoulder-surfing attacks, where attackers can steal a user's password by peeking over his or her shoulder in the authentication process. In this paper, we explore shoulder surfing defence for recall-based graphical password systems such as Draw-A-Secret and Background Draw-A-Secret, where users doodle their passwords (i.e. secrets) on a drawing grid. We propose three innovative shoulder surfing defence techniques, and conduct two separate controlled laboratory experiments to evaluate both security and usability perspectives of the proposed techniques. One technique was expected to work to some extent theoretically, but it turned out to provide little protection. One technique provided the best overall shoulder surfing defence, but also caused some usability challenges. The other technique achieved reasonable shoulder surfing defence and good usability simultaneously, a good balance which the two other techniques did not achieve. Our results appear to be also relevant to other graphical password systems such as Pass-Go.

© All rights reserved Zakaria et al. and/or ACM Press

2010
 
Edit | Del

Brostoff, Sacha, Inglesant, Philip and Sasse, M. Angela (2010): Evaluating the usability and security of a graphical one-time PIN system. In: Proceedings of the HCI10 Conference on People and Computers XXIV 2010. pp. 88-97.

Traditional Personal Identification Numbers (PINs) are widely used, but the attacks in which they are captured have been increasing. One-time PINs offer better security, but potentially create greater workload for users. In this paper, we present an independent evaluation of a commercial system that makes PINs more resistant to observation attacks by using graphical passwords on a grid to generate a one-time PIN. 83 participants were asked to register with the system and log in at varying intervals. The successful login rate was approximately 91% after 3-4 days, and 97% after 9-10 days. Twenty five participants were retested after two years, and 27% of those were able to recall their pattern. We recorded 17 instances of failed attempts, and found that even though participants recalled the general shape of the pass-pattern in 13 of these instances, they could not recall its detailed location or sequence of cells. We conclude that GrIDsure is usable if people have one pass-pattern, but the level of security will depend on the context of use (it will work best in scenarios where repeated observations of transactions are unlikely), and the instructions given to users (without guidance, they are likely to chose from a small subset of the possible patterns which are easily guessed).

© All rights reserved Brostoff et al. and/or BCS

 
Add publication
Show list on your website
 

Join our community and advance:

Your
Skills

Your
Network

Your
Career

 
 
 
 

Changes to this page (author)

05 Apr 2012: Modified
03 Apr 2012: Added

Page Information

Page maintainer: The Editorial Team
URL: http://www.interaction-design.org/references/authors/sacha_brostoff.html
Jul 11

Creative without strategy is called ‘art‘. Creative with strategy is called ‘advertising‘

-- Jef I. Richards

 
 

Featured chapter

Marc Hassenzahl explains the fascinating concept of User Experience and Experience Design. Commentaries by Don Norman, Eric Reiss, Mark Blythe, and Whitney Hess

User Experience and Experience Design !

 
 

Our Latest Books

Kumar and Herger 2013: Gamification at Work: Designing Engaging Business Software...
by Janaki Mythily Kumar and Mario Herger

 
Start reading

Whitworth and Ahmad 2013: The Social Design of Technical Systems: Building technologies for communities...
by Brian Whitworth and Adnan Ahmad

 
Start reading

Soegaard and Dam 2013: The Encyclopedia of Human-Computer Interaction, 2nd Ed....
by Mads Soegaard and Rikke Friis Dam

 
Start reading
 
 

Help us help you!