Sciweavers

TISSEC
2008

On predictive models and user-drawn graphical passwords

13 years 11 months ago
On predictive models and user-drawn graphical passwords
In commonplace text-based password schemes, users typically choose passwords that are easy to recall, exhibit patterns, and are thus vulnerable to brute-force dictionary attacks. This leads us to ask whether other types of passwords (e.g., graphical) are also vulnerable to dictionary attack due to users tending to choose memorable passwords. We suggest a method to predict and model a number of such classes for systems where passwords are created solely from a user's memory. We hypothesize that these classes define weak password subspaces suitable for an attack dictionary. For user-drawn graphical passwords, we apply this method with cognitive studies on visual recall. These cognitive studies motivate us to define a set of password complexity factors (e.g., reflective symmetry and stroke-count), which define a set of classes. To better understand the size of these classes, and thus how weak the password subspaces they define might be, we use the "Draw-A-Secret" (DAS) gra...
Paul C. van Oorschot, Julie Thorpe
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2008
Where TISSEC
Authors Paul C. van Oorschot, Julie Thorpe
Comments (0)