In this paper the authors explore heuristic attacks against graphical password generators. A new trend is emerging in which passwords are generated from user-clickable pictures. This authentication technique can be used successfully for operating system authentication, for example. The authors report on the development of a generic tool for password generation using such a graphical click-driven interface. This stand-alone tool can be used for generating passwords on the fly. They describe the approach and the usability of the tool, which is available as an open-source project. Next they investigate heuristic attacks against such generated passwords. By using a classifier methodology it is possible to develop specific attack scenarios based on the category. Specific heuristic attacks are used to reduce the key-space such that brute-force cracking approaches become feasible. They report on these heuristic attacks and their success. Lastly they give criteria for images that should be used in such password generation applications to avoid these types of heuristic attacks.
Reference:
Peach, S, Vorster, J and Van Heerden, R. 2010. Heuristic attacks against graphical password generators. Proceedings of the South African Information Security Multi-Conference, Port Elizabeth, South Africa, 17-18 May 2010, pp 13. http://hdl.handle.net/10204/4487