Proceedings Article, DOI: 10.1109/HICSS.2004.1265412
Password-based authentication: a system perspective
A. Conklin, Glenn Dietrich, Diane B. Walz +2 more
- 05 Jan 2004
- Vol. 37, pp 70170
TL;DR: A system model of the risks associated with password-based authentication is presented from a user-centric point of view, including the construct of user password memory aids, along with a preliminary analysis of the implications of this user-centric interconnection of security models.
Abstract: User authentication in computer systems has been a cornerstone of computer security for decades. The concept of a user id and password is a cost effective and efficient method of maintaining a shared secret between a user and a computer system. One of the key elements in the password solution for security is a reliance on human cognitive ability to remember the shared secret. In early computing days with only a few computer systems and a small select group of users, this model proved effective. With the advent of the Internet, e-commerce, and the proliferation of PCs in offices and schools, the user base has grown both in number and in demographic base. Individual users no longer have single passwords for single systems, but are presented with the challenge of remembering numerous passwords for numerous systems, from email, to web accounts, to banking and financial services. This paper presents a conceptual model depicting how users and systems work together in this function and examines the consequences of the expanding user base and the use of password memory aids. A system model of the risks associated with password-based authentication is presented from a user centric point of view including the construct of user password memory aids. When confronted with too much data to remember, users develop memory aids to assist them in the task of remembering important pieces of information. These user password memory aids form a bridge between otherwise unconnected systems and have an effect on system level security across multiple systems interconnected by the user. A preliminary analysis of the implications of this user centric interconnection of security models is presented.
Citations
GREYC keystroke: A benchmark for keystroke dynamics biometric systems
Romain Giot, Mohamad El-Abed, Christophe Rosenberger +2 more
- 28 Sep 2009
TL;DR: A benchmark testing suite, composed of a database and software that are available to the scientific community for the evaluation of keystroke-dynamics-based systems, is proposed.
The psychology of password management: a tradeoff between security and convenience
TL;DR: This study examined five password-management behaviours to answer questions about user knowledge of password quality, motivation behind password selection and the effect of account type to find a time frame effect only for more important (online banking) accounts.
163
Recognizing Text-Based Traffic Signs
Jack Greenhalgh, Majid Mirmehdi +1 more
TL;DR: A novel system for the automatic detection and recognition of text in traffic signs that uses maximally stable extremal regions and hue, saturation, and value color thresholding to locate a large number of candidates, and interprets the text contained within detected candidate regions.
127
Improving multiple-password recall: an empirical study
TL;DR: This paper proposes that interference between different passwords is one of the major challenges to multiple-password recall and that interference alleviation methods can significantly improve multiple-password recall, and demonstrates the potential merit of practices targeting multiple-password interference.
Unconstrained keystroke dynamics authentication with shared secret
TL;DR: This work proposes a new method based on the Support Vector Machine (SVM) learning satisfying industrial conditions (i.e., few samples per user are needed during the enrollment phase to create its template), which outperforms the other methods in an industrial context.
94
References
•Journal Article
The magical number seven, plus or minus two: some limits on our capacity for processing information
TL;DR: The theory of information as discussed by the authors provides a yardstick for calibrating our stimulus materials and for measuring the performance of our subjects and provides a quantitative way of getting at some of these questions.
23.5K
•Book
The magical number seven plus or minus two: some limits on our capacity for processing information
George A. Miller
- 01 Jan 1956
TL;DR: The theory provides us with a yardstick for calibrating the authors' stimulus materials and for measuring the performance of their subjects, and the concepts and measures provided by the theory provide a quantitative way of getting at some of these questions.
Password authentication with insecure communication
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
A logic of authentication
Michael Burrows, Martín Abadi, Roger M. Needham +2 more
- 01 Nov 1989
TL;DR: This paper describes the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication, and gives the results of the analysis of four published protocols.
A logic of authentication
TL;DR: This paper describes the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication, and gives the results of the analysis of four published protocols.
2.8K