Investigating background pictures for picture gesture authentication
Clark, Paul C.
MetadataShow full item record
The military relies heavily on computer systems. Without a strong method of authentication to access these systems, threats to confi-dentiality, integrity, and availability of government information are likely to be more successful. A recent method of authentication for the Windows 8 and Windows 10 operating systems is picture gesture authentication (PGA), a new approach to entering a password to authenticate a user during system login. Each PGA password is composed of three gestures that are drawn over a picture chosen by the user. Strength requirements are set for PGA passwords similarly to text-based passwords. For simplicity, users tend to use shapes, colors, and objects in a picture, called points of interest (POI), as guidance when creating each gesture for their password. This concept provides an opportunity for potential hackers to make logical password guesses, decreasing the security of PGA. Previous work on PGA security used a proprietary brute-force algorithm to guess passwords based on POIs. We present a similar brute-force algorithm that is publicly available. We evaluate the eciency of the new algorithm against various background pictures and propose strength requirements to improve the security of PGA.
Approved for public release; distribution is unlimited
Showing items related by title, author, creator and subject.
Magno, Marianna B. (Monterey, California. Naval Postgraduate School, 1996-09);The use of a password as the only traditional user authentication mechanism has been criticized for its weakness in computer security. One problem is for the user to select short, easy to remember passwords. Another problem ...
Beedenbender, Mark G. (Monterey, California. Naval Postgraduate School, 1990-03);A widely used access control mechanism is the password. Passwords are normally composed of a meaningful detail, such as a name of a person or a sequence of numbers such as birthdate. Any person attempting to gain unauthorized ...
Mok, Chuan-Hao. (Monterey, California. Naval Postgraduate School, 2009-12);The move toward e-government has seen many institutions put special focus on the need for security, especially that of authentication. Single-factor password-based systems have been proven inadequate in safeguarding online ...