Training johnny to authenticate (Safely)

Amir Herzberg, Ronen Margulies

Research output: Contribution to journal, Article, peer-review

3 Scopus citations

Abstract

The authors present the results of a long-term user study of site-based login mechanisms that train users to log in safely. Interactive site-identifying images achieved a 70 percent detection rate, which is significantly better than the 20 percent achieved by the typical login ceremony. They also found that combining login bookmarks with interactive images and nonworking buttons or links (called negative training functions) achieved the best detection rates (82 percent) and overall resistance rates (93 percent). Because interactive custom images provide effective user training against phishing, the authors extended their authentication uses. The authors present an adaptive authentication mechanism based on recognition of multiple custom images, which can be used for different Web and mobile authentication scenarios. The mechanism relies on memorization of the custom images on each primary login, adaptively increasing the authentication difficulty on detection of impersonation attacks, and recognizing all images for fallback authentication.

Original language: English
Article number: 6025344
Pages (from-to): 37-45
Number of pages: 9
Journal: IEEE Security and Privacy
Volume: 10
Issue number: 1
State: Published - Jan 2012

Bibliographical note

Funding Information:
We thank Ben Adida for his feedback and helpful suggestions. This work was supported by Israeli Science Foundation grant ISF1014/07.

Funding

Funder: Israel Science Foundation
Funder number: ISF1014/07

    Keywords

    • fallback authentication
    • forcing functions
    • graphical passwords
    • human factors
    • long-term user study
    • memorability
    • password reset
    • phishing
    • training
