Title :
Training Johnny to Authenticate (Safely)
Author :
Herzberg, Amir ; Margulies, Ronen
Abstract :
The authors present the results of a long-term user study of site-based login mechanisms that train users to log in safely. Interactive site-identifying images received 70 percent detection rates, which is significantly better than the 20 percent received by the typical login ceremony. They also found that combining login bookmarks with interactive images and nonworking buttons or links (called negative training functions) achieved the best detection rates (82 percent) and overall resistance rates (93 percent). Because interactive custom images provide effective user training against phishing, the authors extended its authentication usages. The authors present an adaptive authentication mechanism based on recognition of multiple custom images, which can be used for different Web and mobile authentication scenarios. The mechanism relies on memorization of the custom images on each primary login, adaptively increasing the authentication difficulty on detection of impersonation attacks, and recognizing all images for fallback authentication.
Keywords :
Internet; image recognition; mobile computing; security of data; user interfaces; Web authentication scenario; adaptive authentication mechanism; fallback authentication; image memorization; image recognition; impersonation attacks detection; interactive image; login bookmark; login ceremony; mobile authentication scenario; negative training function; nonworking buttons; phishing; site-based login mechanism; user log-in; user training; Access control; Authentication; Browsers; Computer security; Electronic mail; Privacy; Training; fallback authentication; forcing functions; graphical passwords; human factors; long-term user study; memorability; password reset; phishing; training;
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2011.129
