TY - GEN
T1 - A visual dictionary attack on Picture Passwords
AU - Sadovnik, Amir
AU - Chen, Tsuhan
PY - 2013
Y1 - 2013
N2 - Microsoft's Picture Password provides a method to authenticate a user without the need of typing a character-based password. The password consists of a set of gestures drawn on an image. The position, direction and order of these gestures constitute the password. Besides being more convenient to use on touch screen devices, this authentication method promises improved memorability in addition to improving the password strength against guessing attacks. However, how unpredictable is the picture password? In this paper we exploit the fact that different users are drawn to similar image regions, and therefore these passwords are vulnerable to guessing attacks. More specifically, we show that for portrait pictures users are strongly drawn to use facial features as gesture locations. We collect a set of Picture Passwords and, using computer vision techniques, derive a list of password guesses in decreasing probability order. We show that, guessing in this order, we are able to improve the likelihood of cracking a password within a limited number of guesses.
KW - Graphical Password
KW - Picture Password
UR - http://www.scopus.com/inward/record.url?scp=84897769651&partnerID=8YFLogxK
U2 - 10.1109/ICIP.2013.6738916
DO - 10.1109/ICIP.2013.6738916
M3 - Conference contribution
AN - SCOPUS:84897769651
SN - 9781479923410
T3 - 2013 IEEE International Conference on Image Processing, ICIP 2013 - Proceedings
SP - 4447
EP - 4451
BT - 2013 IEEE International Conference on Image Processing, ICIP 2013 - Proceedings
PB - IEEE Computer Society
T2 - 2013 20th IEEE International Conference on Image Processing, ICIP 2013
Y2 - 15 September 2013 through 18 September 2013
ER -