TY - GEN
T1 - PassTag
T2 - 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
AU - Han, Joon Kuy
AU - Bi, Xiaojun
AU - Kim, Hyoungshick
AU - Woo, Simon S.
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/10/5
Y1 - 2020/10/5
N2 - Designing a fallback authentication mechanism that is both memorable and strong is a challenging problem because of the trade-off between usability and security. Security questions are popularly used as a fallback authentication method for password recovery. However, they are prone to guessing attacks by users' acquaintances and may be hard to recall. To overcome these limitations, we present PassTag, a hybrid password scheme that takes advantage of both graphical and textual password authentication methods. PassTag combines a user-provided image and a short personalized text description of the image, imagetag, as an authentication secret. Furthermore, PassTag incorporates decoy images to make it difficult to guess the user-provided pictures. We conducted three user studies with 161 participants for up to three months to evaluate the performance of PassTag against security questions. The evaluation results demonstrate that PassTag is significantly stronger against close adversaries and highly memorable (92.6%-95.0%) after one, two, and three months, respectively. Our longitudinal study results show PassTag is a promising alternative for fallback authentication.
AB - Designing a fallback authentication mechanism that is both memorable and strong is a challenging problem because of the trade-off between usability and security. Security questions are popularly used as a fallback authentication method for password recovery. However, they are prone to guessing attacks by users' acquaintances and may be hard to recall. To overcome these limitations, we present PassTag, a hybrid password scheme that takes advantage of both graphical and textual password authentication methods. PassTag combines a user-provided image and a short personalized text description of the image, imagetag, as an authentication secret. Furthermore, PassTag incorporates decoy images to make it difficult to guess the user-provided pictures. We conducted three user studies with 161 participants for up to three months to evaluate the performance of PassTag against security questions. The evaluation results demonstrate that PassTag is significantly stronger against close adversaries and highly memorable (92.6%-95.0%) after one, two, and three months, respectively. Our longitudinal study results show PassTag is a promising alternative for fallback authentication.
KW - fallback authentication
KW - graphical passwords
KW - security questions
UR - https://www.scopus.com/pages/publications/85096368227
U2 - 10.1145/3320269.3384737
DO - 10.1145/3320269.3384737
M3 - Conference contribution
AN - SCOPUS:85096368227
T3 - Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
SP - 60
EP - 72
BT - Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
PB - Association for Computing Machinery, Inc
Y2 - 5 October 2020 through 9 October 2020
ER -