Visual Authentication Mechanisms

Rationale
• “Human memory for images is better than for words”
• Human memory for faces in particular is extremely good.
Graphical Cues - Passfaces
• Each panel shows 9 faces: 1 correct response (the user’s pass face) and 8 distractors
• 4 panels per login, so a random guess succeeds with probability (1/9)^4, about 1 in 6,561
• High recall rates after long periods of non-use
Passfaces
• Pros
– Good recall rates even after long periods of non-use (95% after one week, ~90% after up to 3 months)
• Cons
– Load on end-system and network (image sets have to be transferred and rendered)
– Takes longer than a standard password; not suitable for frequent tasks (see Brostoff & Sasse, 2000)
– Performance plummets when more than one set of faces is used (i.e. when a user holds several Passfaces passwords)
Graphical cues - Déjà vu
• User creates an image portfolio by selecting random art images from a set
• System presents a challenge set; the user must pick out the portfolio images
– either n portfolio images mixed into a set of m distractors
– or 1 portfolio image in each of n challenge sets
Déjà vu
• Pros
– Registration is faster than with photographs
– Better recall rates (90%) after one week than passwords or PINs (65%), but worse than photographs
• Cons
– Only ~70% of random art images are usable, so the image set must be selected by hand
– Registration and login take longer than PINs, passwords, or photographs
– Image files must be stored on a trusted and secured server (Kerberos)
Graphical passwords – v-go
User clicks on a selected number of objects in a particular order
Single sign-on
• Central service for authentication and for changing passwords
• Server- or client-based
• Password-based or graphics-based
– e.g. Passlogix v-go SSO (www.passlogix.com)
• Biometric-based
– e.g. Siemens ID mouse plus ID Centre (http://www.siemensidmouse.com/)
Single sign-on
• Pros
– Reduces the number of user IDs and passwords a user has to remember
– Can enforce policies centrally (e.g. password content and change regimes)
• Cons
– High cost of retro-fitting to existing systems
– Needs to be very well set up and administered to work (users will have no idea about the “downstream” passwords the SSO service manages on their behalf)
– A server-based service is a single point of failure and a single point of attack: compromise it and every downstream account is exposed
Compound Weak Clues
• Pros
– Can use memorable clues
– Can be configured to tolerate some misses
• Cons
– Takes longer than a standard login
– Users are often still unsure of the “correct” answer, e.g.
• they gave “fake” answers to protect themselves
• there are different ways of referring to their first school
– The clues are not secret
Example: Compound Clues in Telephone Banking
Q: Letters 2 and 4 of your password?
A: n and i
Q: First and last digit of your PIN?
A: 6 and 9
Q: What is your mother’s maiden name?
A: Kummerbund
Q: First school you attended?
A: Ampleforth
Passfaces
• Use homogeneous image sets (same gender, same ethnicity), so that the pass face does not stand out among its distractors
• With multiple passwords, different image sets can be used
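The Passfaces mechanism described above (one pass face among eight distractors per panel, four panels, homogeneous image sets, a disjoint image set for a second password) as a runnable sketch. This is an added example written for this page, not the Passfaces product’s code; the face catalogue and its ids are constructed, and the decision to show the same eight decoys at every login is an assumption made here (with fresh random decoys each time, an observer who records two logins could intersect the displayed faces and isolate the pass face).

```python
"""Passfaces-style challenge/response: added example for this page, not the
Passfaces product's code.  Assumptions: a constructed face catalogue tagged
with gender and ethnicity, 4 panels of 9 faces (1 pass face + 8 decoys),
decoys drawn from the pass face's own homogeneous group, and the same decoys
shown at every login for a given user."""
import random
from itertools import product

PANELS, GRID = 4, 9        # 4 panels, 9 faces each (1 response + 8 distractors)

# Constructed catalogue: face id -> (gender, ethnicity), 8 groups of 12 faces.
# A real deployment stores photographs; the ids stand in for them here.
CATALOGUE = {f"{g}{e}{i:02d}": (g, e)
             for g, e, i in product("mf", "abcd", range(12))}


def _available_by_group(used):
    """Group the not-yet-used faces by (gender, ethnicity), keeping only the
    groups that can still fill a whole homogeneous panel."""
    by_group = {}
    for face, tag in CATALOGUE.items():
        if face not in used:
            by_group.setdefault(tag, []).append(face)
    return {tag: faces for tag, faces in by_group.items() if len(faces) >= GRID}


def enroll_faces(seed, used=frozenset()):
    """Assign PANELS pass faces, each with 8 fixed decoys from the same group,
    so the pass face does not stand out.  `used` excludes faces already
    assigned to another password, giving the new password a disjoint set."""
    rng = random.Random(seed)
    by_group = _available_by_group(used)
    record = []
    for tag in rng.sample(sorted(by_group), PANELS):   # one group per panel
        faces = rng.sample(by_group[tag], GRID)
        record.append((faces[0], tuple(faces[1:])))    # (pass face, decoys)
    return record


def challenge(seed, record):
    """Build a login screen: every panel shows the pass face and its fixed
    decoys in freshly shuffled positions."""
    rng = random.Random(seed)
    panels = []
    for pass_face, decoys in record:
        grid = [pass_face, *decoys]
        rng.shuffle(grid)
        panels.append(grid)
    return panels


def verify_faces(record, panels, clicks):
    """clicks[i] is the grid index clicked in panel i; every panel must hit."""
    return len(clicks) == PANELS and all(
        panels[i][clicks[i]] == record[i][0] for i in range(PANELS))


def guess_probability():
    """Chance of passing by clicking at random: (1/9)^4, about 1 in 6,561."""
    return (1 / GRID) ** PANELS


def faces_in(record):
    return {face for pass_face, decoys in record for face in (pass_face, *decoys)}


def observed_intersection(panels_a, panels_b):
    """What an observer learns from two recorded logins: per panel, the faces
    common to both.  With fixed decoys this is the whole grid, so repeated
    observation narrows nothing; with fresh random decoys the pass face would
    be the only face present in both sessions."""
    return [set(a) & set(b) for a, b in zip(panels_a, panels_b)]
```

`enroll_faces` deliberately picks one (gender, ethnicity) group per panel and fills the panel only from that group; passing `used=faces_in(first_record)` when enrolling a second password gives it an image set disjoint from the first, the arrangement the slide recommends for users with multiple passwords.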
Compound Weak Clues, v. 2
Q: Your password?
A: indiana
Q: Your PIN?
A: 6789
Q: What is your mother’s maiden name?
A: Kummerbund
Q: First school you attended?
A: Ampleforth
Compound weak clues
• Are the clues a secret? A mother’s maiden name or a first school is often discoverable by others.
• If not, users may attempt to “fix” this by generating “fake” answers, and then have trouble recalling that, or how, they faked them.
Changes to policies
• Increase the number of permitted login attempts
– Many users succeed on the 4th, 5th or 6th attempt (see Brostoff & Sasse, 2003)
• Allow use of the same password on several systems (accepting that one compromised system then exposes the others)
• Decrease the frequency of forced password changes
Personal Entropy (2)
• Reminder: draw on strong personal memories that are well established in long-term memory (childhood).
“Choosing good questions is difficult but probably the most important part of the system.”
C. Ellison, C. Hall, R. Milbert & B. Schneier: Protecting secret keys with personal entropy.
Example questions
Q: First song I danced to with an unrelated member of the opposite sex?
Q: First car I wish I could have owned?
Q: First car I drove?
Q: Where was I during my first romantic kiss?
Example questions
Template questions (the user fills each bracketed slot):
1) Response to the sentence “I really like the clever way you ________”
2) (first) (last) (past) (prep) on the timetable
3) (past) (first) (last) in the swimming pool
Custom questions
“It takes considerable time to get into the right frame of mind. However, once in that frame of mind, it is possible to generate prompts at the rate of about 1 per minute.”
C. Ellison, C. Hall, R. Milbert & B. Schneier: Protecting secret keys with personal entropy.
Mnemonic techniques (1)
• Make up a sentence to memorise the password or PIN
– Personal entropy
– Funny or outrageous content helps memorisation (and discourages disclosure: people are reluctant to repeat an embarrassing sentence to others)
– Tie the word to the name of the system or application (especially for owners of multiple passwords)
– Repeat it often during the day of construction
Examples
• Make up a sentence on a randomly generated phrase, e.g. m,1aNibs0n
• Make up your own phrase, e.g. wm”&itMoG
• Abbreviate and contract several words and add a “salt” (extra characters not derived from the words themselves)
Mnemonic techniques (2)
• Play to users’ memory strengths
– Visual (images), e.g. n5us3Ff
– Perceptual-motor (keyboard patterns), e.g. Ydceid[z (but not plain keyboard walks such as qwerty or 1234, which are in every cracking wordlist)
– Rhymes, songs, poems, e.g. W1’m64
Mnemonic techniques (3)
• Use context as cue or mnemonic
– Physical environment
– Workspace
– People
• v-go graphical passwords
Personal Entropy
• Encrypting a password or passphrase using the answers to several personal questions.
• Users can forget the answers to a subset of the questions and still recover the personal key.
– Split the key into several shares (threshold secret sharing) so that any t of the n shares reconstruct it; the shares are independent of each other, so the effort of guessing is equivalent to a brute-force attack on the answers themselves.
– Encrypt each share separately under the answer to one question; use personal hints to recover the answers.
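The recovery scheme described above, worked through as an added example in the style of Ellison, Hall, Milbert & Schneier; it is not the authors’ implementation. The key is split with Shamir threshold sharing, each share is encrypted under a key derived from one question’s answer, and recovery tries every threshold-sized subset of the answers given, so forgotten or wrong answers are tolerated as long as enough are right. The field size, the PBKDF2 work factor, the answer normalisation and the sample questions and answers (two questions are the ones on the slides above, the answers are constructed) are assumptions made here.

```python
"""Personal-entropy key recovery: added example for this page, not the
Ellison/Hall/Milbert/Schneier implementation.  Assumptions: a 127-bit prime
field, PBKDF2 for answer-to-key derivation, and case/punctuation-insensitive
answer matching."""
import hashlib
import secrets
from itertools import combinations
from typing import Optional

P = 2**127 - 1        # prime field for the sharing polynomial (assumed)
SHARE_BYTES = 16      # any field element fits in 16 bytes
KDF_ITERS = 20_000    # PBKDF2 work factor; slows guessing of low-entropy answers


def normalize(answer: str) -> str:
    """Fold case, spacing and punctuation so 'Ample Forth' and 'ampleforth'
    derive the same key (assumed tolerance; a real system tunes this)."""
    return "".join(ch for ch in answer.lower() if ch.isalnum())


def answer_key(question: str, answer: str, salt: bytes) -> bytes:
    """Per-question key.  Salting with the question text keeps identical
    answers to different questions from yielding identical keys."""
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(),
                               salt + question.encode(), KDF_ITERS, dklen=SHARE_BYTES)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _poly(coeffs, x):
    acc = 0
    for c in reversed(coeffs):          # Horner's rule, evaluated mod P
        acc = (acc * x + c) % P
    return acc


def _interpolate_at_zero(points):
    """Lagrange interpolation of the sharing polynomial at x = 0 (the secret)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def enroll_questions(secret: bytes, qa: dict, threshold: int) -> dict:
    """Split `secret` (16 bytes, read as an integer below P) into one share
    per question and encrypt share i under the key from answer i.  Returns
    the record the server stores; it contains no answer in the clear."""
    s = int.from_bytes(secret, "big")
    assert s < P and 1 <= threshold <= len(qa)
    coeffs = [s] + [secrets.randbelow(P) for _ in range(threshold - 1)]
    salt = secrets.token_bytes(16)
    record = {"salt": salt, "threshold": threshold,
              "verifier": hashlib.sha256(salt + secret).digest(),  # detects wrong answers at recovery
              "shares": []}
    for x, (question, answer) in enumerate(qa.items(), start=1):
        y = _poly(coeffs, x).to_bytes(SHARE_BYTES, "big")
        record["shares"].append((question, x, _xor(y, answer_key(question, answer, salt))))
    return record


def recover_key(record: dict, answers: dict) -> Optional[bytes]:
    """Decrypt a share with each supplied answer (a wrong answer just yields a
    garbage share) and try every threshold-sized subset; only a subset of
    all-correct answers reproduces a secret that matches the verifier."""
    salt, t = record["salt"], record["threshold"]
    points = []
    for question, x, ciphertext in record["shares"]:
        if question in answers:
            y = int.from_bytes(_xor(ciphertext, answer_key(question, answers[question], salt)), "big")
            points.append((x, y % P))
    for subset in combinations(points, t):
        candidate = _interpolate_at_zero(subset).to_bytes(SHARE_BYTES, "big")
        if hashlib.sha256(salt + candidate).digest() == record["verifier"]:
            return candidate
    return None
```

The stored verifier is what lets an attacker who obtains the record test guessed answers offline; the slow KDF raises the cost per guess, but the real defence is the entropy of the answers, which is why the question choice matters more than anything else in the scheme.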
Pro-active password checking
• Purpose: prevent weak passwords before they are set
• Regular checks on the password file (the sysadmin mimics the attacker by running a cracker against it)
• Immediate feedback at the registration stage is better
• Feedback should be polite and constructive: say what is wrong and how to fix it, not just “rejected”
• Complex policies on password content + an unhelpful password checker = a very frustrated user
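A registration-time checker of the kind the slide recommends, as an added example written for this page (not taken from any product): every rejection names the problem and gives a tip, and the checks strip the decorations a cracker strips (trailing digits, leet substitutions) before looking a password up. The rules, the tiny embedded wordlist and the wording of the messages are assumptions; a real checker would use a full cracking dictionary.

```python
"""Pro-active password checker with constructive feedback: added example for
this page, not from any product.  The rules, the small embedded wordlist and
the messages are assumptions."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed stand-in for a cracker's wordlist
COMMON_WORDS = {"password", "indiana", "letmein", "welcome", "qwerty",
                "ampleforth", "kummerbund"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
LEET = str.maketrans("0143$@!", "oiaesai")      # undo 'P@ssw0rd'-style substitutions


@dataclass
class Verdict:
    ok: bool
    # (what is wrong, how to fix it): the checker explains, it does not just reject
    problems: List[Tuple[str, str]] = field(default_factory=list)


def _core_word(pw: str) -> str:
    """Strip trailing digits/punctuation, then undo leet, as a cracker would."""
    return re.sub(r"[\d\W_]+$", "", pw.lower()).translate(LEET)


def _keyboard_walk(pw: str, n: int = 4) -> bool:
    """True if the password contains n adjacent keys of a keyboard row."""
    s = pw.lower()
    return any(row[i:i + n] in s or row[i:i + n][::-1] in s
               for row in KEYBOARD_ROWS for i in range(len(row) - n + 1))


def check_password(pw: str, user_id: str = "") -> Verdict:
    problems = []
    if len(pw) < 8:
        problems.append(("it is shorter than 8 characters",
                         "abbreviate a sentence to its initials; that gives 8 or more"))
    core = _core_word(pw)
    if core in COMMON_WORDS:
        problems.append((f"it is the word '{core}' with decorations a cracker strips off",
                         "start from a phrase only you know, not from a word"))
    if user_id and user_id.lower() in pw.lower():
        problems.append(("it contains your user ID, which is not secret",
                         "choose something unrelated to your account name"))
    if _keyboard_walk(pw):
        problems.append(("it contains a keyboard sequence such as 'qwer' or '1234'",
                         "keyboard patterns are in every cracking wordlist"))
    if re.search(r"(.)\1\1", pw):
        problems.append(("it repeats one character three or more times",
                         "repetition adds length but little unpredictability"))
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]"))
    if classes < 3:
        problems.append(("it uses fewer than three of: lower case, upper case, digits, punctuation",
                         "a sentence with a number and a comma in it, e.g. 'm,1aNibs0n', covers all four"))
    return Verdict(ok=not problems, problems=problems)


def feedback(pw: str, user_id: str = "") -> str:
    """Polite, specific message for the registration form."""
    verdict = check_password(pw, user_id)
    if verdict.ok:
        return "Thanks, that password is acceptable."
    lines = ["Sorry, we cannot accept that password yet:"]
    lines += [f"  - {what}. Tip: {how}." for what, how in verdict.problems]
    return "\n".join(lines)
```

Run `feedback("P@ssw0rd")` and the user is told that the password is the word “password” with decorations a cracker strips off, plus what to do instead; the mnemonic example from the slides, `m,1aNibs0n`, passes every rule.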
Exercise
Design a visual authentication system.