A Usability Evaluation of Image and Emojis in Graphical Password

  • Authors

    • Nur Syabila Zabidi
    • Noris Mohd Norowi
    • Rahmita Wirza O.K. Rahmat
    https://doi.org/10.14419/ijet.v7i4.31.23719

    Received date: December 12, 2018

    Accepted date: December 12, 2018

    Published date: December 9, 2018

  • smartphones, authentication, graphical password, usability,

  • Abstract

    This paper presented user preferences in applying image and emojis use in graphical password authentication application.  There is generally lack of two-factor authentication (2FA) approach in mobile devices.  A preliminary study and a user study (N=30) have been conducted to investigate on usability and security issues.  Both of the studies revealed the method of applying picture superiority effect to enhance memorability of graphical password. 

  • References

    1. B. Horne, “Humans in the loop,” IEEE Secur. Priv., vol. 12, no. 1, pp. 3–4, 2014.
    2. M. M. Eloff and J. H. P. Eloff, “Human Computer Interaction: An Information Security Perspectives,” in Security in the Information Society: Visions and Perspectives, M. A. Ghonaimy, M. T. El-Hadidi, and H. K. Aslan, Eds. Boston, MA: Springer US, 2002, pp. 535–545.
    3. S. Srivastava and P. S. Sudhish, “Continuous multi-biometric user authentication fusion of face recognition and keystoke dynamics,” in 2016 IEEE Region 10 Humanitarian Technology Conference (R10-HTC), 2016, pp. 1–7.
    4. A. Ometov, S. Bezzateev, N. Mäkitalo, S. Andreev, T. Mikkonen, and Y. Koucheryavy, “Multi-Factor Authentication: A Survey,” Cryptography, vol. 2, no. 1, p. 1, 2018.
    5. A. Kemshall, “Why mobile two-factor authentication makes sense,” Netw. Secur., vol. 2011, no. 4, pp. 9–12, 2011.
    6. A. Adams and M. A. Sasse, “Users are not the enemy,” Commun. ACM, vol. 42, no. 12, pp. 40–46, Dec. 1999.
    7. R. Harrison, D. Flood, and D. Duce, “Usability of mobile applications : literature review and rationale for a new usability model,” Int. J. Mob. Hum. Comput. Interact., vol. 6, no. 1, pp. 54–70, 2014.
    8. K. Renaud and A. De Angeli, “My password is here! An investigation into visuo-spatial authentication mechanisms,” Interact. Comput., vol. 16, no. 6, pp. 1017–1041, 2004.
    9. P. Andriotis, T. Tryfonas, G. Oikonomou, and C. Yildiz, “A pilot study on the security of pattern screen-lock methods and soft side channel attacks,” ACM WiSec, p. 1, 2013.
    10. M. O. Derawi, “Biometric options for mobile phone authentication,” Biometric Technol. Today, vol. 2011, no. 10, pp. 5–7, 2011.
    11. M. Klíma, A. J. Sporka, and J. Franc, “You are who you know : user authentication by face recognition,” Proc. 7th ICDVRAT with ArtAbilitation, Maia, Port., pp. 97–102, 2008.
    12. S. Kumar Jena, “Graphical User Authentication,” no. May, 2013.
    13. T. O. Nelson, G. Greene, B. Ronk, G. Hatchett, and V. Igl, “Effect of multiple images on associative learning,” Mem. Cognit., vol. 6, no. 4, pp. 337–341, 1978.
    14. R. Biddle, S. Chiasson, and P. C. Van Oorschot, “Graphical Passwords : Learning from the First Twelve Years,” Security, vol. V, pp. 1–43, 2009.
    15. L. M. Mayron, “Biometric Authentication on Mobile Devices,” 2015 IEEE Secur. Priv., vol. 13, no. 3, pp. 70–73, 2015.
    16. M. Souppaya and K. Scarfone, “Guidelines for Managing the Security of Mobile Devices in the Enterprise,” NIST Spec. Publ. 800-124, Revis. 1, pp. 1–30, 2013.
    17. A. F. Abate, M. Nappi, and S. Ricciardi, “Smartphone enabled person authentication based on ear biometrics and arm gesture,” in 2016 IEEE International Conference on Systems, Man, and Cybernetics (SMC), 2016, pp. 003719–003724.
    18. N. Gunson, D. Marshall, H. Morton, and M. Jack, “User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking,” Comput. Secur., vol. 30, no. 4, pp. 208–220, 2011.
    19. E. De Cristofaro, H. Du, J. Freudiger, and G. Norcie, “A Comparative Usability Study of Two-Factor Authentication,” in Proceedings 2014 Workshop on Usable Security, 2014.
    20. C. L. Liu, C. J. Tsai, T. Y. Chang, W. J. Tsai, and P. K. Zhong, “Implementing multiple biometric features for a recall-based graphical keystroke dynamics authentication system on a smart phone,” J. Netw. Comput. Appl., vol. 53, pp. 128–139, 2015.
    21. M. Rogowski, K. Saeed, M. Rybnik, M. Tabedzki, and M. Adamski, “User Authentication for Mobile Devices,” in Computer Information Systems and Industrial Management: 12th IFIP TC8 International Conference, CISIM 2013, Krakow, Poland, September 25-27, 2013. Proceedings, K. Saeed, R. Chaki, A. Cortesi, and S. Wierzchoń, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013, pp. 47–58.
    22. S. Wiedenbeck, J. Waters, J.-C. Birget, A. Brodskiy, and N. Memon, “Authentication using graphical passwords,” Proc. 2005 Symp. Usable Priv. Secur. - SOUPS ’05, pp. 1–12, 2005.
    23. C. L. Grady, A. R. McIntosh, M. N. Rajah, and F. I. M. Craik, “Neural correlates of the episodic encoding of pictures and words,” Proc. Natl. Acad. Sci., vol. 95, no. 5, pp. 2703–2708, Mar. 1998.
    24. A. Paivio, Mind and Its Evolution, no. 2007. Routledge, 2006.
    25. P. Andriotis, T. Tryfonas, and G. Oikonomou, “Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 8533 LNCS, pp. 115–126, 2014.
    26. N. L. Clarke and S. M. Furnell, “Authentication of users on mobile telephones - A survey of attitudes and practices,” Comput. Secur., vol. 24, no. 7, pp. 519–527, 2005.
    27. Y. Li, J. Yang, M. Xie, D. Carlson, H. G. Jang, and J. Bian, “Comparison of PIN- and pattern-based behavioral biometric authentication on mobile devices,” Proc. - IEEE Mil. Commun. Conf. MILCOM, vol. 2015–Decem, pp. 1317–1322, 2015.
    28. R. Biddle, S. Chiasson, and P. C. Van Oorschot, “Graphical Passwords : Learning from the First Twelve Years,” ACM Comput. Surv., vol. 44, no. 4, pp. 1–43, 2012.
    29. A. De Angeli, L. Coventry, G. Johnson, and K. Renaud, “Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems,” Int. J. Hum. Comput. Stud., vol. 63, no. 1–2, pp. 128–152, 2005.
    30. Y. Ma, “Can More Pictures Bring More Readership?: An Examination of the ‘Picture Superiority Effect’ in the News Consumption Process,” Procedia - Soc. Behav. Sci., vol. 236, no. December 2015, pp. 34–38, Dec. 2016.
    31. P. Dunphy, “Usable, Secure and Deployable Graphical Passwords,” no. November, p. 189, 2012.
    32. N. BEVAN, “International standards for HCI and usability,” Int. J. Hum. Comput. Stud., vol. 55, no. 4, pp. 533–552, 2001.
    33. R. Kainda, I. Flechais, and A. W. Roscoe, “Security and usability: Analysis and evaluation,” ARES 2010 - 5th Int. Conf. Availability, Reliab. Secur., pp. 275–282, 2010.
    34. C. Braz and J.-M. Robert, “Security and usability,” Proc. 18th Int. Conf. Assoc. Francoph. d’Interaction Homme-Machine - IHM ’06, no. January, pp. 199–203, 2006.
    35. F. Schaub, M. Walch, B. Könings, and M. Weber, “Exploring the design space of graphical passwords on smartphones,” Proc. Ninth Symp. Usable Priv. Secur. - SOUPS ’13, p. 1, 2013.
    36. H. Tao and C. Adams, “Pass-Go: A proposal to improve the usability of graphical passwords,” Int. J. Netw. Secur., vol. 7, no. 2, pp. 273–292, 2008.
    37. D. Ritter, F. Schaub, M. Walch, and M. Weber, “MIBA: Multitouch Image-Based Authentication on Smartphones,” CHI ’13 Ext. Abstr. Hum. Factors Comput. Syst., pp. 787–792, 2013.
    38. M. Golla, D. Detering, and M. Dürmuth, “EmojiAuth: Quantifying the Security of Emoji-based Authentication,” Proc. Usable Secur. Mini Conf., pp. 1–13, 2017.
    39. T. Seitz, F. Mathis, and H. Hussmann, “The Bird is the Word: A Usability Evaluation of Emojis inside Text Passwords,” Proc. 29th Aust. Conf. Human-Computer Interact. (OzCHI 2017), p. 9, 2017.
    40. M. Belk, A. Pamboris, C. Fidas, C. Katsini, N. Avouris, and G. Samaras, “Sweet-spotting security and usability for intelligent graphical authentication mechanisms,” Proc. Int. Conf. Web Intell. - WI ’17, pp. 252–259, 2017.
    41. L. Fullerton, "Global mobile device usage is expected to reach more than 5.5bn users by 2022," 20 July 2017. [Online]. Available: http://www.thedrum.com/news/2017/07/20/global-mobile-device-usage-expected-reach-more-55bn-users-2022. [Accessed 14 March 2018].
    42. "Number of smartphone users in Malaysia from 2015 to 2022 (in millions)*," [Online]. [Accessed 14 March 2018].
    43. "What is 2FA?," A Shearwater Group plc Company , [Online]. Available: https://www.securenvoy.com/two-factor-authentication/what-is-2fa.shtm. [Accessed 14 March 2018].
    44. "Stronger security for your Google Account," [Online]. Available: https://www.google.com/landing/2step/index.html#tab=how-it-protects. [Accessed 14 March 2018].
    45. "Multifactor Authentication Market by Model (Two-, Three-, Four-, and Five-Factor), Application (Banking and Finance, Government, Military and Defense, Commercial Security, Consumer Electronics, Healthcare), and Geography - Global Forecast to 2022," May 2017. [Online]. Available: https://www.marketsandmarkets.com/Market-Reports/multi-factor-authentication-market-877.html. [Accessed 14 March 2018].
    46. EmojiArtStudio, "Emoji Lock Screen," Google, 27 February 2018. [Online]. Available: https://play.google.com/store/apps/details?id=com.emoji.smiley.locker&hl=en. [Accessed 21 March 2018].

  • Downloads

  • How to Cite

    Syabila Zabidi, N., Mohd Norowi, N., & Wirza O.K. Rahmat, R. (2018). A Usability Evaluation of Image and Emojis in Graphical Password. International Journal of Engineering and Technology, 7(4.31), 400-407. https://doi.org/10.14419/ijet.v7i4.31.23719