Visual Authentication Mechanisms

Rationale “Human memory for images is better than for words” Human memory for faces in particular is extremely good.

Graphical Cues - Passfaces 1 response, 8 distractors 4 panels High recall rates after long periods of non-use

Passfaces Pros –Good recall rates even after long periods of non-use (95% after one week, ~90% after up to 3 months) Cons –load on end-system and network –Takes longer than standard password; not suitable for frequent tasks (see Brostoff & Sasse, 2000) –performance plummets with change more than one set of faces is used

Graphical cues - Déjà vu User creates image portfolio, selecting random art images from a set System presents challenge set, user picks correct response –n portfolio images from set of m distractors –1 image from n sets

Déjà vu Pros –Registration is faster than photo –Better recall rates (90%) after one week than password or PINs (65%) but worse than photo Cons –70% of random art images are usable – selection must be done by hand –Registration & login take longer than than PINs, passwords, or photographs –Image files must be stored on trusted and secured server (Kerberos)

Graphical passwords – v-go User clicks on a selected number of objects in particular order

Single sign-on Central service for authentication and changing passwords Server- or client-based Password-based, graphics-based –e.g. Passlogix v-go SSO Biometric-based –e.g. Siemens ID mouse plus ID Centre

Single sign-on Pros –Reduces number of user_ids and passwords –Can incorporate policies (e.g. password content and change regimes) Cons –High cost of retro-fitting –Needs to be very well set up and administred to work (users will have no idea about “downstream passwords) –Server-based provides point of failure/vulnerability

Compound Weak Clues Pros –Can use memorable clues –Can be configured to tolerate some misses Cons –Takes longer than standard login –Users often still unsure of “correct” answer e.g. “Fake” answers to protect themselves Different ways of referring to first school –Clues are not a secret

Example: Compound Clues in Telephone Banking Q: Letter 2 and 4 of your password? A: i, and i Q: First and last digit of your PIN? A: 6 and 9 Q: What is your mother’s maiden name? A: Kummerbund Q: First school you visited? A: Ampleforth

Passfaces Use homogeneous image sets (same gender, same ethnicity) With multiple passwords, different image sets can be used

Compound Weak Clues, v. 2 Q: Your password? A: indiana Q: Your PIN? A: 6789 Q: What is your mother’s maiden name? A: Kummerbund Q: First school you visited? A: Ampleforth

Compound weak clues Are clues a secret? If not, users may attempt to “fix” this by generating “fake” answers, then have trouble recalling that/how they faked it.

Changes to policies Increase number of login attempts –Many users succeed on 4 th, 5 th, 6 th attempt (see Brostoff & Sasse, 2003) Allow usage of same password on several systems Decrease frequency of password changes

Personal Entropy (2) Reminder: Draw on strong personal memories that are well-established in long- term memory (childhood).

“Choosing good questions is difficult but probably the most important part of the system.” C. Ellison, C. Hall, R. Milbert & B. Schneier: Protecting secret keys with personal entropy.

Example questions Q: First song I danced to with an unrelated member of the opposite sex? Q: First car I wish I could have owned? Q: First car I drove? Q: Where was I during my first romantic kiss?

Example questions 1) Response to the sentence “I really like the clever way you ________” 2) (first) (last) (past) (prep) on the timetable 3) (past) (first) (last) in the swimming pool

Custom questions “It takes considerable time to get into the right frame of mind. However, once in that frame of mind, it is possible to generate prompts at the rate of about 1 per minute.” C. Ellison, C. Hall, R. Milbert & B. Schneier: Protecting secret keys with personal entropy.

Mnemonic techniques (1) Make up sentence to memorise password or PIN –Personal entropy –funny, outrageous content helps to memorise (and prevents disclosure) –Tie word to name of system or application (especially for owners of multiple passwords) –Repeat often during day of construction

Examples Make up sentence on randomly generated phrase m,1aNibs0n Make up your own phrase wm”&itMoG Abbreviate and contract several words and use SALT

Mnemonic techniques (2) Play to users’ memory strength –Visual (images) n5us3Ff –Perceptual-motor (keyboard) Ydceid[z –Rhymes, songs, poems W1’m64

Mnemonic techniques (3) Use context as cue or mnemonic –Physical environment –Workspace –People  v-go graphical passwords

Personal Entropy Encrypting a password or passphrase using answers to several personal questions. Users can forget answers to a subset of questions and still recover the personal key. –Split long passphrase into several short ones that are independent of each other; effort of guessing equivalent to brute force attack. –Each encrypt each question separately, use personal hints to recover.

Pro-active password checking Purpose: prevent weak passwords Regular checks on password file (sysadmin mimicks hacker) Immediate feedback at registration stage is better Feedback should be polite and constructive Complex policies on password content + unhelpful password checker = very frustrated user

Exercise Design a visual authentication system.