Graphical passwords as browser extension: Implementation and usability study

Kemal Bicakci; Mustafa Yuceel; Burak Erdeniz; Hakan Gurbaslar; Nart Bedin Atalay

doi:10.1007/978-3-642-02056-8_2

Graphical passwords as browser extension: Implementation and usability study

Kemal Bicakci, Mustafa Yuceel, Burak Erdeniz, Hakan Gurbaslar, Nart Bedin Atalay

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

8 Citations (Scopus)

Abstract

Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. specifically; we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.

Original language	English
Title of host publication	Trust Management III - 3rd IFIP WG 11.11 International Conference, IFIPTM 2009, Proceedings
Editors	Elena Ferrari, Ninghui Li, Elisa Bertino, Yuecel Karabulut
Publisher	Springer New York LLC
Pages	15-29
Number of pages	15
ISBN (Print)	9783642020551
DOIs	https://doi.org/10.1007/978-3-642-02056-8_2
Publication status	Published - 2009
Externally published	Yes
Event	3rd IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2009 - West Lafayette, United States Duration: 15 Jun 2009 → 19 Jun 2009

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	300
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	3rd IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2009
Country/Territory	United States
City	West Lafayette
Period	15/06/09 → 19/06/09

Bibliographical note

Publisher Copyright:
© IFIP International Federation for Information Processing 2009.

Funding

This research is supported by TUBİTAK (The Scientific and Technological Research Council of Turkey) under project number 107E227.

Funders	Funder number
TUBİTAK
Türkiye Bilimsel ve Teknolojik Araştirma Kurumu	107E227

Keywords

Authe ntication
Graphical password
Password manager
Usable security

Access to Document

10.1007/978-3-642-02056-8_2

Cite this

Bicakci, K., Yuceel, M., Erdeniz, B., Gurbaslar, H., & Atalay, N. B. (2009). Graphical passwords as browser extension: Implementation and usability study. In E. Ferrari, N. Li, E. Bertino, & Y. Karabulut (Eds.), Trust Management III - 3rd IFIP WG 11.11 International Conference, IFIPTM 2009, Proceedings (pp. 15-29). (IFIP Advances in Information and Communication Technology; Vol. 300). Springer New York LLC. https://doi.org/10.1007/978-3-642-02056-8_2

Bicakci, Kemal ; Yuceel, Mustafa ; Erdeniz, Burak et al. / Graphical passwords as browser extension : Implementation and usability study. Trust Management III - 3rd IFIP WG 11.11 International Conference, IFIPTM 2009, Proceedings. editor / Elena Ferrari ; Ninghui Li ; Elisa Bertino ; Yuecel Karabulut. Springer New York LLC, 2009. pp. 15-29 (IFIP Advances in Information and Communication Technology).

@inproceedings{af7d6c482c82434e95f93b69ccb666f2,

title = "Graphical passwords as browser extension: Implementation and usability study",

abstract = "Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. specifically; we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.",

keywords = "Authe ntication, Graphical password, Password manager, Usable security",

author = "Kemal Bicakci and Mustafa Yuceel and Burak Erdeniz and Hakan Gurbaslar and Atalay, {Nart Bedin}",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2009.; 3rd IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2009 ; Conference date: 15-06-2009 Through 19-06-2009",

year = "2009",

doi = "10.1007/978-3-642-02056-8_2",

language = "English",

isbn = "9783642020551",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer New York LLC",

pages = "15--29",

editor = "Elena Ferrari and Ninghui Li and Elisa Bertino and Yuecel Karabulut",

booktitle = "Trust Management III - 3rd IFIP WG 11.11 International Conference, IFIPTM 2009, Proceedings",

}

Bicakci, K, Yuceel, M, Erdeniz, B, Gurbaslar, H & Atalay, NB 2009, Graphical passwords as browser extension: Implementation and usability study. in E Ferrari, N Li, E Bertino & Y Karabulut (eds), Trust Management III - 3rd IFIP WG 11.11 International Conference, IFIPTM 2009, Proceedings. IFIP Advances in Information and Communication Technology, vol. 300, Springer New York LLC, pp. 15-29, 3rd IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2009, West Lafayette, United States, 15/06/09. https://doi.org/10.1007/978-3-642-02056-8_2

Graphical passwords as browser extension: Implementation and usability study. / Bicakci, Kemal; Yuceel, Mustafa; Erdeniz, Burak et al.
Trust Management III - 3rd IFIP WG 11.11 International Conference, IFIPTM 2009, Proceedings. ed. / Elena Ferrari; Ninghui Li; Elisa Bertino; Yuecel Karabulut. Springer New York LLC, 2009. p. 15-29 (IFIP Advances in Information and Communication Technology; Vol. 300).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Graphical passwords as browser extension

T2 - 3rd IFIP WG 11.11 International Conference on Trust Management, IFIPTM 2009

AU - Bicakci, Kemal

AU - Yuceel, Mustafa

AU - Erdeniz, Burak

AU - Gurbaslar, Hakan

AU - Atalay, Nart Bedin

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2009.

PY - 2009

Y1 - 2009

N2 - Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. specifically; we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.

AB - Today, most Internet applications still establish user authentication with traditional text based passwords. Designing a secure as well as a user friendly password-based method has been on the agenda of security researchers for a long time. On one hand, there are password manager programs which facilitate generating site-specific strong passwords from a single user password to eliminate the memory burden due to multiple passwords. On the other hand, there are studies exploring the viability of graphical passwords as a more secure and user-friendly alternative. In this paper, we present GPEX, a password manager program implemented as a web browser plug-in to enable using graphical passwords to secure Internet applications without any need to change their authentication interface. Experimental results show that GPEX has security and usability advantages over other password manager plug-ins. specifically; we find that with the visual interface of GPEX, users have a more complete and accurate mental model of the system and incorrect login attempts causing security exposures can easily be avoided.

KW - Authe ntication

KW - Graphical password

KW - Password manager

KW - Usable security

UR - http://www.scopus.com/inward/record.url?scp=84943560970&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-02056-8_2

DO - 10.1007/978-3-642-02056-8_2

M3 - Conference contribution

AN - SCOPUS:84943560970

SN - 9783642020551

T3 - IFIP Advances in Information and Communication Technology

SP - 15

EP - 29

BT - Trust Management III - 3rd IFIP WG 11.11 International Conference, IFIPTM 2009, Proceedings

A2 - Ferrari, Elena

A2 - Li, Ninghui

A2 - Bertino, Elisa

A2 - Karabulut, Yuecel

PB - Springer New York LLC

Y2 - 15 June 2009 through 19 June 2009

ER -

Bicakci K, Yuceel M, Erdeniz B, Gurbaslar H, Atalay NB. Graphical passwords as browser extension: Implementation and usability study. In Ferrari E, Li N, Bertino E, Karabulut Y, editors, Trust Management III - 3rd IFIP WG 11.11 International Conference, IFIPTM 2009, Proceedings. Springer New York LLC. 2009. p. 15-29. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-642-02056-8_2

Graphical passwords as browser extension: Implementation and usability study

Abstract

Publication series

Conference

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this