{"title":"地理位置密码方案的可用性和安全性评价","authors":"Julie Thorpe, Brent MacRae, Amirali Salehi-Abari","doi":"10.1145/2501604.2501618","DOIUrl":null,"url":null,"abstract":"We design, implement, and evaluate GeoPass: an interface for digital map-based authentication where a user chooses a place as his or her password (i.e., a \"location-password\"). We conducted a multi-session in-lab/at-home user study to evaluate the usability, memorability, and security of location-passwords created with GeoPass. The results of our user study found that 97% of users were able to remember their location-password over the span of 8-9 days and most without any failed login attempts. Users generally welcomed GeoPass; all of the users who completed the study reported that they would at least consider using GeoPass for some of their accounts. We also perform an in-depth usability and security analysis of location-passwords. Our security analysis includes the effect of information that could be gleaned from social engineering. The results of our security analysis show that location-passwords created with GeoPass can have reasonable security against online attacks, even when accounting for social engineering attacks. Based on our results, we suggest GeoPass would be most appropriate in contexts where logins occur infrequently, e.g., as an alternative to secondary authentication methods used for password resets, or for infrequently used online accounts.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"78 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"57","resultStr":"{\"title\":\"Usability and security evaluation of GeoPass: a geographic location-password scheme\",\"authors\":\"Julie Thorpe, Brent MacRae, Amirali Salehi-Abari\",\"doi\":\"10.1145/2501604.2501618\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We design, implement, and evaluate GeoPass: an interface for digital map-based authentication where a user chooses a place as his or her password (i.e., a \\\"location-password\\\"). We conducted a multi-session in-lab/at-home user study to evaluate the usability, memorability, and security of location-passwords created with GeoPass. The results of our user study found that 97% of users were able to remember their location-password over the span of 8-9 days and most without any failed login attempts. Users generally welcomed GeoPass; all of the users who completed the study reported that they would at least consider using GeoPass for some of their accounts. We also perform an in-depth usability and security analysis of location-passwords. Our security analysis includes the effect of information that could be gleaned from social engineering. The results of our security analysis show that location-passwords created with GeoPass can have reasonable security against online attacks, even when accounting for social engineering attacks. Based on our results, we suggest GeoPass would be most appropriate in contexts where logins occur infrequently, e.g., as an alternative to secondary authentication methods used for password resets, or for infrequently used online accounts.\",\"PeriodicalId\":273244,\"journal\":{\"name\":\"Symposium On Usable Privacy and Security\",\"volume\":\"78 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"57\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Symposium On Usable Privacy and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2501604.2501618\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2501604.2501618","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Usability and security evaluation of GeoPass: a geographic location-password scheme
We design, implement, and evaluate GeoPass: an interface for digital map-based authentication where a user chooses a place as his or her password (i.e., a "location-password"). We conducted a multi-session in-lab/at-home user study to evaluate the usability, memorability, and security of location-passwords created with GeoPass. The results of our user study found that 97% of users were able to remember their location-password over the span of 8-9 days and most without any failed login attempts. Users generally welcomed GeoPass; all of the users who completed the study reported that they would at least consider using GeoPass for some of their accounts. We also perform an in-depth usability and security analysis of location-passwords. Our security analysis includes the effect of information that could be gleaned from social engineering. The results of our security analysis show that location-passwords created with GeoPass can have reasonable security against online attacks, even when accounting for social engineering attacks. Based on our results, we suggest GeoPass would be most appropriate in contexts where logins occur infrequently, e.g., as an alternative to secondary authentication methods used for password resets, or for infrequently used online accounts.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
