A visual dictionary attack on Picture Passwords

Amir Sadovnik, Tsuhan Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

14 Scopus citations

Abstract

Microsoft's Picture Password provides a method to authenticate a user without the need of typing a character-based password. The password consists of a set of gestures drawn on an image. The position, direction and order of these gestures constitute the password. Besides being more convenient to use on touch screen devices, this authentication method promises improved memorability in addition to improving the password strength against guessing attacks. However, how unpredictable is the picture password? In this paper we exploit the fact that different users are drawn to similar image regions, and therefore these passwords are vulnerable to guessing attacks. More specifically, we show that for portrait pictures users are strongly drawn to use facial features as gesture locations. We collect a set of Picture Passwords and, using computer vision techniques, derive a list of password guesses in decreasing probability order. We show that, guessing in this order, we are able to improve the likelihood of cracking a password within a limited number of guesses.

Original language: English
Title of host publication: 2013 IEEE International Conference on Image Processing, ICIP 2013 - Proceedings
Publisher: IEEE Computer Society
Pages: 4447-4451
Number of pages: 5
ISBN (Print): 9781479923410
State: Published - 2013
Externally published: Yes
Event: 2013 20th IEEE International Conference on Image Processing, ICIP 2013 - Melbourne, VIC, Australia
Duration: Sep 15 2013 to Sep 18 2013

Publication series

Name: 2013 IEEE International Conference on Image Processing, ICIP 2013 - Proceedings

Conference

Conference: 2013 20th IEEE International Conference on Image Processing, ICIP 2013
Country/Territory: Australia
City: Melbourne, VIC
Period: 09/15/13 to 09/18/13

Keywords

  • Graphical Password
  • Picture Password
