Professional Documents
Culture Documents
Graphical Passwords
Sonia Chiasson, Alain Forget, Robert Biddle
Carleton University, Ottawa, Canada
Click-based graphical passwords
PassPoints Persuasive CCP (PCCP)
Cued Click-Points
(CCP)
http://hotsoft.carleton.ca 2
Accessibility?
Inaccessible for some user populations
◦ Rely on vision
◦ Rely on fine motor control
1 2 4 5
3
http://hotsoft.carleton.ca 3
Content vs Presentation
http://hotsoft.carleton.ca 4
Structure of click-based
graphical passwords
Presentation: Cue
◦ System triggers memory of password
Displays image
Selection: Response
◦ User provides secret
Clicks on specific area
http://hotsoft.carleton.ca 5
Generalized Cue-Response
Authentication Model
http://hotsoft.carleton.ca 6
Example: PassSounds
http://hotsoft.carleton.ca 7
PassSounds: Security
PassPoints: PassSounds:
◦ Image size 451x331 ◦ 30-second clip
◦ 5 clicks ◦ 5 clicks
◦ Tolerance 19x19 ◦ Tolerance 1 second
◦ Theoretical password ◦ Theoretical password
space 1.2 x 1013 ≈ 43 space 1.4 x 105 ≈ 17
bits bits
http://hotsoft.carleton.ca 8
Hotspots and Patterns
PassPoints PassSounds
◦ Choose similar ◦ Choose points related to
Click-points on an Lyrics
image (hotspots) Beats
Patterns (lines) Sequential order
http://hotsoft.carleton.ca 9
Alternatives
Any combination of presentation and response
◦ Audio
As a cue to trigger behaviour other than click
◦ Haptics
As a cue or as input
Caution:
◦ Cue and response cannot be evaluated in isolation
http://hotsoft.carleton.ca 10
Summary
General cue-response authentication
◦ Allows for
separation of cue and response
modalities most appropriate for different users
http://hotsoft.carleton.ca 11
chiasson@scs.carleton.ca
http://hotsoft.carleton.ca/security
http://hotsoft.carleton.ca 12