TY - GEN
T1 - On the security of picture gesture authentication
AU - Zhao, Ziming
AU - Ahn, Gail Joon
AU - Seo, Jeong Jin
AU - Hu, Hongxin
N1 - Publisher Copyright:
copyright © 2013 USENIX Security Symposium.All right reserved.
PY - 2013
Y1 - 2013
N2 - Computing devices with touch-screens have experienced unprecedented growth in recent years. Such an evolutionary advance has been facilitated by various applications that are heavily relying on multi-touch gestures. In addition, picture gesture authentication has been recently introduced as an alternative login experience to text-based password on such devices. In particular, the new Microsoft Windows 8™ operating system adopts such an alternative authentication to complement traditional text-based authentication. In this paper, we present an empirical analysis of picture gesture authentication on more than 10, 000 picture passwords collected from over 800 subjects through online user studies. Based on the findings of our user studies, we also propose a novel attack framework that is capable of cracking passwords on previously unseen pictures in a picture gesture authentication system. Our approach is based on the concept of selection function that models users' password selection processes. Our evaluation results show the proposed approach could crack a considerable portion of collected picture passwords under different settings.
AB - Computing devices with touch-screens have experienced unprecedented growth in recent years. Such an evolutionary advance has been facilitated by various applications that are heavily relying on multi-touch gestures. In addition, picture gesture authentication has been recently introduced as an alternative login experience to text-based password on such devices. In particular, the new Microsoft Windows 8™ operating system adopts such an alternative authentication to complement traditional text-based authentication. In this paper, we present an empirical analysis of picture gesture authentication on more than 10, 000 picture passwords collected from over 800 subjects through online user studies. Based on the findings of our user studies, we also propose a novel attack framework that is capable of cracking passwords on previously unseen pictures in a picture gesture authentication system. Our approach is based on the concept of selection function that models users' password selection processes. Our evaluation results show the proposed approach could crack a considerable portion of collected picture passwords under different settings.
UR - http://www.scopus.com/inward/record.url?scp=84903145027&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84903145027&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84903145027
T3 - Proceedings of the 22nd USENIX Security Symposium
SP - 383
EP - 398
BT - Proceedings of the 22nd USENIX Security Symposium
PB - USENIX Association
T2 - 22nd USENIX Security Symposium
Y2 - 14 August 2013 through 16 August 2013
ER -