Password Cueing with Cue (Ink) Blots
Date: July 2008
Publication: IADIS Computer Graphics and Visualization, CGV 2008
Page(s): 74 - 81
Source 1: http://www.dcs.gla.ac.uk/~karen/Papers/cueblotPaper.pdf
Source 2: http://www.mcbryan.co.uk/papers/cueblots.pdf
People forget passwords daily, and this leads to frustration and potential loss of revenue commercially. Mechanisms for proving identity in the face of forgotten passwords are mostly unsatisfactory, because they are so insecure. The problem is that it is difficult to handle password replacements efficiently. One of two people could be requesting the replacement: the legitimate user or a potential intruder. Unfortunately, the system doesn’t have any way of knowing which it is. Some systems make an effort to confirm identity by using one or more challenge questions. The user provides the answers to these questions at enrolment, and the rationale is that if the requestor can provide the same answer later, it must be the same user. Of course this assumption is flawed because the answers could be discovered or known by an intruder. An alternative to challenge questions, explored in this paper, is the use of an abstract image to elicit a textual description. This description could be used as the password, or as an alternative to the challenge questions. We report on an experiment which tested images as cues.
Do you have additional information to contribute regarding this research paper? If so, please email firstname.lastname@example.org with the details.