
Graphical Passwords with Integrated Trustworthy Interface

Graphical Passwords with Integrated Trustworthy Interface. Patricia Lareau V P Product Management. TIPPI Workshop June 19, 2006. Authentication Design Goals. Consider Security and Usability. Usability. Security. Security Requirements.



Presentation Transcript


  1. Graphical Passwords with Integrated Trustworthy Interface Patricia Lareau V P Product Management TIPPI Workshop June 19, 2006

  2. Authentication Design Goals Consider Security and Usability

  3. Security Requirements (slide graphic labels: Usability, Security)
     • Randomly assigned
     • Unique to the application
     • Robust against known attacks
     • Simple
     • Reliable – no fallback needed
     • Not sharable casually or easily
     • Lacks social vulnerabilities
     • Useable anywhere
     • Two-way AuthN

  4. Usability Requirements (slide graphic labels: Security, Usability)
     • Graphical User Interface
     • Intuitive to use
     • No user rules
     • Independent of user’s aptitude, training or attentiveness
     • No on-going training
     • EASY to use
     • Portable
     • Fun!

  5. Successful AuthN is Both or Neither (slide graphic labels: Usability, Security). Design Leverages:
     • Secret
     • Interface
     • Protocol

  6. Passfaces Meets the Challenge Secure and Usable

  7. The Secret Based on Cognitive Science

  8. The Brain Deals with Faces Differently than Any Other Image Face recognition is a dedicated process which is different from general object recognition. Source: Face Recognition: A Literature Survey. National Institute of Standards and Technology

  9. In the Beginning… Thinking Outside of the Box Approach: “Let’s Authenticate the Person”
     • Science has proven that we are genetically predisposed with a unique talent.
     • We all have the innate ability to easily recognize human faces.
     • There was a time that recognizing another's face could mean LIFE or DEATH.
     • Today that need is not so great, but the ability is still there.
     • There is a special place in the brain dedicated to facial recognition and facial recognition only.

  10. Recall vs. Recognize: You must RECALL a password. You simply RECOGNIZE a face. Remember High School… What kind of test did you prefer? Multiple Choice / Fill in the Blank

  11. Our approach: Familiarize the user with a randomly-selected set of faces and check if they can recognize them when they see them again. It’s as easy as recognizing an old friend.

  12. Authentication Session. The secret is:
     • Random
     • Easy to recognize but
     • Difficult to describe/share
     • No “cribsheets” needed
     • Always Available
     • Intuitive - Independent of user age, language or education
     • Not socially vulnerable

  13. The Interface Reinforce the Design Objectives

  14. How Passfaces Works (slide graphic labels: Library of Faces, User Interface). Users Are Assigned a Set of 5* Passfaces. (* Typical implementation – 3 to 7 possible as standard)

  15. How Passfaces Works
     • 5 Passfaces are associated with 40 decoys
     • Passfaces are presented in five 3 by 3 matrices, each having 1 Passface and 8 decoys

  16. New Users are Familiarized with their Passfaces
     • Users enroll with a 2 to 4 minute familiarization process
     • Using instant feedback, encouragement, and simple dialogs, users are trained until they can easily recognize their Passfaces
     • The process is optimized and presented like an easy game
     Screen text from the slide: Let’s Practice. Action: Click On Your Passface. It’s Moving (There is only One on this Page)

  17. Familiarization Puts Cookies in the Brain. Like a mindprint or brain cookie. But, unlike fingerprints, Passfaces require no special hardware. And, unlike browser cookies, Passfaces authenticate the actual user.

  18. Authentication Session. The interface…
     • Graphical
     • Self-prompting
     • User cannot choose or reuse
     • NO burden of recall
     • 3X3 grid
     • Ergonomic
     • Maps to keypad, phone, pinpad
     • More entropy than a user chosen secret

  19. The Protocol Maximize Defenses – Maximize Usability

  20. Configuration Data
     • Grid set is random per user
     • Grids need not be secret but must be correct
     • AUTHENTICATION IS NOT POSSIBLE WITHOUT PRESENTATION OF CORRECT GRIDS
     • Mutual Authentication is implicit - user attentiveness unnecessary
     • Phishing today is stopped
     • Phishing tomorrow is hard work
     • Blacklisting is possible

  21. Grid Presentation
     • Multiple Grids
     • Random display within grid
     • Familiar order of grids for user comfort
     • Library Use
     • Thousands of random sets available
     • Shoulder surfing deterrent
     • Anti phishing strategies
     • Mutual AuthN enhanced

  22. A New Class of Authentication • Passfaces represents a new, 4th class of authentication: Cognometrics Recognition-Based Authentication

  23. Thank you! Patricia Lareau V P Product Management patricia.lareau@passfaces.com 805.544.1138 Questions?
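
Added example, not part of the presentation and not Passfaces code: a Python sketch of the scheme slides 14, 15, 18 and 21 describe (random assignment from a face library, five 3 by 3 grids of 1 Passface and 8 decoys, random display within each grid, keypad-digit selection) plus the size of the blind-guess space. The function names, the integer face IDs and the 1000-face library are assumptions made for illustration.

```python
import math
import secrets

GRID_CELLS = 9  # one 3 by 3 matrix: 1 Passface + 8 decoys (slide 15)
_rng = secrets.SystemRandom()  # OS CSPRNG; assignment must not be predictable

def enroll(library, n_passfaces=5):
    """Randomly assign n Passfaces and 8 decoys each from a face library.
    `library` is a collection of face IDs (hypothetical integers here)."""
    faces = sorted(set(library))
    needed = n_passfaces * GRID_CELLS
    if not 3 <= n_passfaces <= 7 or len(faces) < needed:
        raise ValueError("need 3 to 7 Passfaces and a large enough library")
    picked = _rng.sample(faces, needed)
    # Grid i keeps a fixed membership for this user: 1 Passface, 8 decoys.
    return [{"passface": picked[i * GRID_CELLS],
             "decoys": picked[i * GRID_CELLS + 1:(i + 1) * GRID_CELLS]}
            for i in range(n_passfaces)]

def present(grids):
    """One login challenge: grids in their usual order, cells shuffled."""
    challenge = []
    for g in grids:
        cells = [g["passface"], *g["decoys"]]
        _rng.shuffle(cells)
        challenge.append(cells)
    return challenge

def verify(grids, challenge, clicks):
    """`clicks` holds one keypad digit (1-9) per grid; all must hit."""
    if len(clicks) != len(grids):
        return False
    ok = True
    for g, cells, key in zip(grids, challenge, clicks):
        hit = 1 <= key <= GRID_CELLS and cells[key - 1] == g["passface"]
        ok = ok and hit  # check every grid; report only the final result
    return ok

def guess_space(n_passfaces=5):
    """Blind-guess space and its size in bits for n grids of 9 cells."""
    combos = GRID_CELLS ** n_passfaces
    return combos, math.log2(combos)

if __name__ == "__main__":
    grids = enroll(range(1000))           # constructed library of 1000 IDs
    challenge = present(grids)
    good = [c.index(g["passface"]) + 1 for g, c in zip(grids, challenge)]
    print(verify(grids, challenge, good), guess_space())
```

For the typical five Passfaces, `guess_space()` gives 9^5 = 59,049 combinations, about 15.85 bits; the 3 and 7 Passface configurations give 729 and 4,782,969.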
