Research area: Analysis
Venue: ASIA CCS '20: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security
Designing a fallback authentication mechanism that is both memorable and strong is a challenging problem because of the trade-off between usability and security. Security questions are popularly used as a fallback authentication method for password recovery. However, they are prone to guessing attacks by users' acquaintances and may be hard to recall. To overcome these limitations, we present PassTag, a hybrid password scheme that takes advantage of both graphical and textual password authentication methods. PassTag combines a user-provided image and a short personalized text description of the image, imagetag, as an authentication secret. Furthermore, PassTag incorporates decoy images to make it difficult to guess the user-provided pictures. We conducted three user studies with 161 participants for up to three months to evaluate the performance of PassTag against security questions. The evaluation results demonstrate that PassTag is significantly stronger against close adversaries and highly memorable (92.6%-95.0%) after one, two, and three months, respectively. Our longitudinal study results show PassTag is a promising alternative for fallback authentication.
| Publication year | 2020 |
|---|---|
| Citations | 8 |
| Country of publication | United States, Korea |
| Site | ACM |