Investigating background pictures for picture gesture authentication
Clark, Paul C.
The military relies heavily on computer systems. Without a strong method of authentication to access these systems, threats to confidentiality, integrity, and availability of government information are likely to be more successful. A recent method of authentication for the Windows 8 and Windows 10 operating systems is picture gesture authentication (PGA), a new approach to entering a password to authenticate a user during system login. Each PGA password is composed of three gestures that are drawn over a picture chosen by the user. Strength requirements are set for PGA passwords similarly to text-based passwords. For simplicity, users tend to use shapes, colors, and objects in a picture, called points of interest (POI), as guidance when creating each gesture for their password. This concept provides an opportunity for potential hackers to make logical password guesses, decreasing the security of PGA. Previous work on PGA security used a proprietary brute-force algorithm to guess passwords based on POIs. We present a similar brute-force algorithm that is publicly available. We evaluate the efficiency of the new algorithm against various background pictures and propose strength requirements to improve the security of PGA.
Rights: This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.