Sciweavers

CHI
2008
ACM

Undercover: authentication usable in front of prying eyes

14 years 4 months ago
Undercover: authentication usable in front of prying eyes
A number of recent scams and security attacks (phishing, spyware, fake terminals, ...) hinge on a crook's ability to observe user behavior. In this paper, we describe the design, implementation, and evaluation of a novel class of user authentication systems that are resilient to observation attacks. Our proposal is the first to rely on the human ability to simultaneously process multiple sensory inputs to authenticate, and is resilient to most observation attacks. We build a prototype based on user feedback gained through low fidelity tests. We conduct a within-subjects usability study of the prototype with 38 participants, which we complement with a security analysis. Our results show that users can authenticate within times comparable to that of graphical password schemes, with relatively low error rates, while being considerably better protected against observation attacks. Our design and evaluation process allows us to outline design principles for observation-resilient authe...
Hirokazu Sasamoto, Nicolas Christin, Eiji Hayashi
Added 30 Nov 2009
Updated 30 Nov 2009
Type Conference
Year 2008
Where CHI
Authors Hirokazu Sasamoto, Nicolas Christin, Eiji Hayashi
Comments (0)