The Hot-Spots Problem in Windows 8 Graphical Password Scheme
Various graphical passwords have been proposed as an alternative to traditional alphanumeric passwords and Microsoft has applied a graphical scheme in the operating system Windows 8.As a new type of password scheme, potential security problems such as hot-spots may exist.In this paper, we study user choice in Windows 8 graphical password scheme by both lab and field studies and analyze the hot-spots caused by user choice.Our analysis shows that there are many significant hot-spots in the background image when users set their passwords using Microsofts guidance.Then, based on the data of field study, we conducted a simulated human-seeded attack to prove our conclusion.The success rate of 66.69% and 54.46% also provide strong proof of the hot-spots in Windows 8 graphical password scheme.Finally, we designed a simulated automated attack and obtained a success rate of 42.86%.
graphical password hot-spots Windows 8 security
Haichang Gao Wei Jia Ning Liu Kaisheng Li
Institute of Software Engineering,Xidian University Xian,Shaanxi 710071,P.R.China
国际会议
The 5th International Symposium on Cyberspace Safety and Security ( CSS2013)(第五届国际网络空间安全和安保研讨会)
张家界
英文
349-362
2013-11-13(万方平台首次上网日期,不代表论文的发表时间)