Bachelor project: Cued Click-Point Memorability

Academic year: 2021

Full text


Abstract

The safety of passwords has been in question for over 40 years, long before the Internet. While improvements have been made to ensure security, nothing has changed with passwords since the emergence of the Internet. Passwords need to be long and complex to be secure, and users should not reuse their passwords. In a world where thousands of services on the Internet require authentication, users will have to remember a lot of passwords to keep them safe. Studies show, however, that users are prone both to create bad passwords and to reuse their passwords on different sites. Many different alternatives to passwords have been proposed, but none has become dominant. Is there a good alternative to text-based passwords? Can a graphical password be that alternative? The purpose of this thesis is to create a prototype of a CCP-like system and to conduct a memorability and usability test with it. The test results suggest that CCP is easy to use for users new to the concept of graphical passwords. A CCP password also seems memorable, with most participants recalling their passwords after a week with ease. PCCP can be a good substitute for passwords since it is easy to use, easy to remember and potentially more secure than text-based passwords.


Acknowledgements


Contents

1 Introduction . . . 1
1.1 Background . . . 1
1.2 Previous Research . . . 1
1.3 Problem definition . . . 2
1.4 Aim . . . 2
1.5 Limitations . . . 2
1.6 Outline . . . 3
2 Information Security . . . 4
2.1 Authentication . . . 4
2.2 Security Token . . . 4
2.3 Smart Cards . . . 5
2.4 Certificates and BankID . . . 5
2.5 Biometric Authentication . . . 6
3 Passwords . . . 7
3.1 Technical Improvements and Passwords . . . 7
3.2 Password Complexity . . . 8
3.3 Reusing Passwords . . . 8
3.4 Password Managers . . . 9
3.5 Third-party Authentication . . . 10
3.6 Limitations and weaknesses . . . 10
4 Graphical Passwords . . . 11
4.1 Cued Click Points . . . 11

1 Introduction

1.1 Background

In today's society it is very common for users to use many different Internet services. These services almost exclusively use password authentication. To reach a satisfactory security level the user needs to use different credentials to authenticate to each of these services. Additionally, the credentials must be complex enough to withstand most of the common techniques used to compromise user data and login information.

Studies show, however, that the average user's password practices are lacking: they reuse the same credentials, their passwords aren't complex enough, or both [1].

There are also cases where satisfactory passwords are used but, due to the inability or unwillingness to memorize the password, it is written down, negating the security of a complex password. To counter this, companies have begun to use physical tools to ensure security, such as smart cards, one-time passwords sent by message, or security tokens. This method is just a band-aid and does not solve the initial problem of bad passwords. These extra security measures also make services harder and less accessible for users: it would, for example, be acceptable to use a security token to access your bank account, because the user feels that needs to be secure, but it would not be acceptable to need an extra physical object to access a social media site.

The purpose of this thesis is to investigate current authentication systems from a user perspective and to present a prototype of an authentication system that solves some of the major problems of password authentication.

1.2 Previous Research

The primary idea behind graphical passwords is that humans remember pictures better than words. Research on this has been done by Kirkpatrick[7], Craik and McDowd[8] and Nelson, Reed and Walling[16], some of it even before the 1900s, and it has continued to the present day. Other relevant memory-related research has been done by Murre and Dros[25], who replicated Hermann Ebbinghaus' forgetting curve.

A plethora of different graphical passwords have been suggested as replacements for text-based passwords. Some that will be looked into are Pass-Go by Tao[9], Passfaces from the Passfaces Corporation[10], PassPoints by Wiedenbeck, Waters, Birget, Brodskiy and Memon[13], Cued Click-Points (CCP) by Chiasson, Oorschot and Biddle[14] and its successor Persuasive Cued Click-Points (PCCP) by Chiasson, Forget, Biddle and Oorschot[15]. Some research has been done evaluating popular graphical passwords such as Passfaces, by Valentine[11] and by Brostoff and Sasse[12].

1.3 Problem definition

Passwords have been seen as a fairly bad authentication method for a long time now, and many different approaches to this problem have been proposed. Some suggestions have been completely new systems of authentication, others have been to enforce strict password policies. None has managed to become dominant, but many suggestions have been adopted in practice, such as requiring users to have passwords of a certain length and with certain characters, or the use of external objects instead of passwords. Is there an alternative to text-based passwords in the plethora of suggested authentication systems, and can a graphical password be a good alternative?

1.4 Aim

Out of the many different alternatives to text-based passwords that exist, the one that seems to have the most potential is a graphical authentication system based on Cued Click-Points (CCP). The purpose of this thesis is to create a prototype of a CCP-like system and to conduct a memorability and usability test of it.

1.5 Limitations


to completely replace text-based passwords but to provide an alternative that decreases the number of text-based passwords needed.

1.6 Outline

This thesis consists of three parts. The first is an analysis of the evolution of passwords as an authentication method and the current state of user authentication. The second part is a program that simulates a graphical password authentication method. This program is later used as a tool in the third part, which is an experiment.

To make the first part I found relevant studies in the database "Uppsök" using the keywords "User Authentication" and "Password Security", and followed their references to find more studies.

2 Information Security

Ever since the ancient times information has been a valued resource and the need to keep certain information from spreading to an enemy or a competitor has not changed.

The key concept of information security lies in the CIA triad, Confidentiality, Integrity and Availability.

Confidentiality means that only the people who are authorized to see the information can access it. This is often achieved with data encryption, so that the data can only be read by authorized entities.

Integrity is to ensure that the information an entity sees is the correct information and that it has not been altered in transmission by human or non-human means.

Availability ensures that the information will be available to entities when they need it.

2.1 Authentication

To have confidentiality there must be a way to authenticate that a person is who he claims to be. This is often done with a unique identifier, like a user ID, and a password. The password can be substituted with something you have, something you know or something you are, or a combination of two or three of them.

Something you have entails smart cards or security tokens. Something you know entails passwords or personal identification numbers (PIN). Something you are entails biometric data such as fingerprints or retinal scans. The combination of two or more of these authentication methods is called multi-factor authentication and is becoming more popular in services that require higher security, such as banks and electronic IDs.

2.2 Security Token

A security token is a physical object that is used to increase security when authenticating to a service.

A security token can be a smart card that together with a smart card reader authenticates the user but it can also be a tiny device that gives you a number that you enter when you login. Many security tokens are combined with PIN for increased security.

A security token doesn't necessarily have to be a separate physical thing but could be an application on a computer or a mobile device; these are called software tokens and are easier to use since the user already has access to them. A software token can be less secure than a physical token since the device the token is installed on might become compromised by malware.

2.3 Smart Cards

Smart cards are cards with a chip where information is stored. Smart cards have been used since the 80s as telephone cards, but they are now widely used for many different purposes such as credit cards, access cards and ID cards. The chipset in a smart card is a tiny computer composed of a Reduced Instruction Set Computing processor (RISC) with a memory, and can only handle very simple commands depending on the card's intended use. The information stored in the smart card can be ID photos, fingerprints and passwords for authentication to gain access to systems or doors.[21] Smart cards are often used for authentication in organisations that require a high level of security, such as healthcare. Smart cards are also used to log in to some banks' Internet services and, in some countries, as electronic ID.

2.4 Certificates and BankID

Sending messages over the Internet can be risky since you never know who might be listening in on the communication. To communicate over the Internet, PKI is often used to achieve confidentiality. PKI stands for Public Key Infrastructure and is a system where a Certificate Authority issues certificates that guarantee that a site or service is who it claims to be. PKI uses asymmetric encryption, which makes it possible for a user to determine that a message just received is from who it is supposed to be from and that the integrity of the message can be trusted.

An authentication method that works in a similar way to PKI is used in Sweden and Norway, facilitated by some banks, called BankID. BankID is a form of e-identification where you download a program and create a certificate and password with which the user can then identify himself in a similar fashion to PKI. BankID is a form of multi-factor authentication because it uses something you have (the certificate) and something you know (the password).


2.5 Biometric Authentication

Biometric authentication is when you authenticate with something you are instead of something you have or know. Biometric authentication in the form of face recognition and voice recognition has probably been used since the dawn of man to identify people and is still the most used "authentication" method today. When it comes to digital media, both face recognition and voice recognition are harder to use since they require a somewhat high margin of error, because both faces and voices can change enough between uses.[22] The most common biometric authentication methods for digital media are fingerprint and retinal scanners. This is because fingerprints and retinas are relatively unique and do not change easily. The technology for fingerprints has also been around for a long time, and its frequent appearance in media has made it very "popular".

It has not been all that accessible for a user to privately use biometric authentication, because the security of the hardware has been lacking and it has been expensive. However, fingerprint scanners are now quite inexpensive and small, and they have started being used in laptops and smartphones. Even external readers have become cheap, and most operating systems have software to handle them without much hassle.

3 Passwords

The most used form of authentication on the Internet is passwords. This is because the concept is simple and easy to implement. In essence a password is a set of letters, numbers or special characters that combined form a hopefully hard-to-guess secret. It is documented that passwords have been used for computer security since the 1960s. In the "Programmers Guide" for MIT's Compatible Time-Sharing System (CTSS) they state: "When a user logs in, he types his problem number and last name. The combination of problem number and last six characters of the last name is neither unique nor secret. A six character secret password is therefore requested..." It can be determined from the extract that not only did they use passwords, they also used a form of username in combination with the password. The currently most used authentication form can thus be traced back to the 60s.[20] Despite being the most used authentication method, passwords have had, and still have, some major flaws. These flaws and how to fix them have been debated for more than 40 years; most suggestions have been made from the perspective of either a company or the administrators of a system and have focused more on technical aspects. Some of the flaws of passwords are created by bad design, such as plain-text password files [2], and other flaws stem from the fact that users prefer simple passwords over secure ones.[5]

3.1 Technical Improvements and Passwords

Due to a technical issue that caused the whole password file to be printed, Wilkes suggested in 1968 that one should encrypt each password and store only the encrypted passwords; this would make it harder to get hold of other users' passwords.[2]

In 1979 Morris et al. audited the security of passwords, chiefly in Unix systems, and proposed that passwords should not only be encrypted but also salted, making it harder to crack encrypted passwords if someone were to use dictionary attacks. They also suggest that when users create passwords they should be forced to either create longer passwords or passwords with characters of both upper and lower case.[3]
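To make the difference between Wilkes' and Morris et al.'s suggestions concrete, here is an added example in Python (not code from the thesis or its prototype) that stores three constructed user records first unsalted and then salted, and counts the work a dictionary attacker has to do against a leaked file in each case. The user names, passwords, dictionary words, and the choice of SHA-256 and PBKDF2 as the one-way functions are assumptions of the example; the thesis names no algorithm.

```python
import hashlib
import secrets

# Constructed attacker dictionary; not data from the thesis.
DICTIONARY = ["password", "letmein", "sunshine", "qwerty"]
ITERATIONS = 20_000  # PBKDF2 work factor assumed for the example


def hash_unsalted(password: str) -> str:
    """Wilkes-style storage: a one-way transform of the password alone.
    Every user with the same password gets the same stored value."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: bytes) -> str:
    """Morris-style storage: a random per-user salt is mixed in, so equal
    passwords give different records and no shared lookup table exists."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def make_record(username: str, password: str, salted: bool) -> dict:
    """One line of a password file; the salt is stored beside the hash."""
    if salted:
        salt = secrets.token_bytes(16)
        return {"user": username, "salt": salt.hex(), "hash": hash_salted(password, salt)}
    return {"user": username, "salt": None, "hash": hash_unsalted(password)}


def verify(record: dict, attempt: str) -> bool:
    """Login check: recompute with the stored salt (if any) and compare."""
    if record["salt"] is None:
        return hash_unsalted(attempt) == record["hash"]
    return hash_salted(attempt, bytes.fromhex(record["salt"])) == record["hash"]


def crack_unsalted(records: list, dictionary: list) -> tuple:
    """Leaked unsalted file: hash each dictionary word once, then match every
    user against that one table. Work = len(dictionary), whatever the user count."""
    table = {hash_unsalted(w): w for w in dictionary}
    found = {r["user"]: table[r["hash"]] for r in records if r["hash"] in table}
    return found, len(dictionary)


def crack_salted(records: list, dictionary: list) -> tuple:
    """Leaked salted file: the table cannot be shared between users, so the
    function is re-run per user per word until a match (or exhaustion)."""
    found, work = {}, 0
    for r in records:
        salt = bytes.fromhex(r["salt"])
        for w in dictionary:
            work += 1
            if hash_salted(w, salt) == r["hash"]:
                found[r["user"]] = w
                break
    return found, work


def demo() -> dict:
    """Constructed users: two share a dictionary word, one does not."""
    users = [("alice", "sunshine"), ("bob", "sunshine"), ("carol", "Tr0ub4dor&3")]
    unsalted = [make_record(u, p, salted=False) for u, p in users]
    salted = [make_record(u, p, salted=True) for u, p in users]
    found_u, work_u = crack_unsalted(unsalted, DICTIONARY)
    found_s, work_s = crack_salted(salted, DICTIONARY)
    return {
        "same_hash_unsalted": unsalted[0]["hash"] == unsalted[1]["hash"],
        "same_hash_salted": salted[0]["hash"] == salted[1]["hash"],
        "found_unsalted": found_u, "work_unsalted": work_u,
        "found_salted": found_s, "work_salted": work_s,
        "login_ok": verify(salted[0], "sunshine"),
        "login_bad": verify(salted[0], "sunshine!"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Salting does not rescue a weak password (both files give up "sunshine"), which is the point the thesis goes on to make about user behaviour; what it removes is the shared precomputation, so the attacker's work grows with the number of users instead of staying flat.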


3.2 Password Complexity

Originally passwords were short; considering MIT's CTSS from above, their passwords were just six characters long. This probably felt like a good enough policy at a time when people didn't have personal computers. Six characters is not that hard to remember, and there would be over 300 million different character combinations with only lower case or only upper case, making it infeasible to guess someone else's password. This however changed with faster computers and a better understanding of how users create their passwords. With the improvement in the speed of computer hardware, companies were forced to create more elaborate password policies to ensure stronger passwords. Some policies can force the user to have at least one upper case letter, one lower case letter, one number and one special character. While these kinds of requirements can be a good way to improve security, they also limit the number of possible passwords. Even though it lowers the number of possible passwords, forcing users to create more complex passwords is often deemed more secure than letting them choose by themselves.

It is very common even today that users will use names or words that mean something to them if not forced to use more complex passwords. Not only does this make a password weak because it could become easier to guess, but having passwords consisting of words or names makes them extremely easy to crack with dictionary attacks. Another problem with complex passwords is that it gets harder to remember the password, and some users will thus write it down, effectively nullifying the purpose of the password. Schneier writes about users: "If you ask them to choose a password, they'll choose a lousy one. If you force them to choose a good one, they'll write it on a Post-it and stick it on their computer monitor."[5]

3.3 Reusing Passwords

In today's society it is normal for people to use several different Internet services that require authentication. This might not be a huge problem for users if they only use a few services, but if a person uses 20 different services it would be unreasonable to expect them to keep that many unique and satisfactory passwords, and as many surveys have shown, most reuse their passwords.[6][19][23]

The danger of reusing passwords is that if you use a password only once on an insecure site, that password is compromised. Even if you use a password on a site that would be deemed secure, it can quickly become insecure due to crackers getting their hands on the password files. Just a couple of years ago there were a lot of "break-ins" at Internet services where a lot of passwords were compromised because crackers got hold of users' passwords.

Adding the widespread use of smartphones into the equation, users are even less likely to use complex passwords, because typing them in would take a lot of time, and even for regular smartphone users it's hard to always hit the right "key" without the tactile feeling of physical keys. This results in easily crackable passwords, possibly minutes after a password file becomes compromised.

3.4 Password Managers

To prevent the trend of reusing the same passwords for several services and the problem of memorizing unique and complex passwords to all different services many security minded users have started to use password managers. A password manager is a program where you can store a lot of passwords so the user does not have to memorize many long and complex passwords. To access these passwords the user only needs to know one password.

Password managers are not a new thing, however; already in the 1990s a similar concept was used in a plug-in to Apple's mail system PowerTalk. This later gave birth to Apple's password manager Keychain.[26]

Password managers suffer from the same security problem all passwords suffer from: the master password needs to be long and complex enough to be hard or improbable for a potential attacker to crack or guess. A system is only as safe as the user; if the master password is not good enough, a potential attacker can gain access to all passwords stored in the password manager. Password managers are often saved on a user's computer, but there are password managers that are saved on USB sticks or on servers that users can connect to.

3.5 Third-party Authentication

An alternative that improves the life of users, so they do not have to use as many different authentication credentials, is third-party authentication. With third-party authentication the user can use one authentication service to authenticate to several different services instead of having one unique set of credentials for each service. This helps a lot with the problem of creating and remembering many different unique authentication credentials, which might make more users inclined to create better passwords. For third-party authentication to be a good alternative, users need to make sure their passwords are good enough, since there is a chance of even greater damage if the password is cracked. While third-party authentication has become more prevalent lately, there are still not many services that make use of it. One of the most used third-party authentication methods is OpenID, which works as an authentication service. A similar service is OAuth, which is an authorisation service. While OpenID signs you in through a third-party service, OAuth instead gives out certain information to the service you want to "authorize".

3.6 Limitations and weaknesses

The main weakness of text-based passwords is that users are unwilling to create good passwords. Either users create weak passwords, or they are forced by policies to create very complex, long passwords but end up writing them down instead. If they don't write the long, complex passwords down, they fail to recall them when they need them.[5]

With so many services needing passwords, many passwords are not just weak but are reused again and again.[19] This can create a domino effect where one set of credentials is discovered and the use of those makes it possible to crack into other systems as well.[18]

4 Graphical Passwords

The idea of pictures being easier to recall than words is nothing new. E.A. Kirkpatrick conducted a test on school and college students in 1894 where the students were given ten words verbally, ten words written down and ten physical objects. The students then wrote down the words or things they recalled after each set of ten. The results of Kirkpatrick's test showed that the students more easily recalled the objects they were shown than the words read or heard.[7]

This idea has spawned many different graphical authentication systems, most of which can be grouped into recall-based, recognition-based or cued-recall systems.

Recall-based authentication systems are similar to text-based passwords in that they require the user to recall something from memory. Craik and McDowd concluded in their paper about age differences in recall and recognition that "recall tasks demand more processing resources than do recognition tasks".[8] A recall-based graphical authentication can today be used on both Android and Blackberry smartphones to unlock the screen. They both use a form of Pass-Go, a system where you draw lines through nodes to create a pattern.[9]

Recognition-based authentication systems tend to present the user with several different pictures, and the user has to select the ones he recognizes as his own. The predominant recognition-based system is Passfaces, where you are presented with nine faces, one of which is the correct one. The thought is that the user will be able to recognize the face that belongs to him.[10] Several studies have been made to test how memorable Passfaces are, and they show that most users will remember their "faces" even after long periods of time.[11][12]

Cued-recall systems are based on the theory that a picture will help the user recall their password. PassPoints is the most common cued-recall based authentication system. It works by showing the user a picture, on which he then clicks five points in a specific order.[13]

4.1 Cued Click Points


Compared to other cued-recall systems such as PassPoints, CCP makes it easier for a user to recall their ”password” since there will only be one click point per picture to remember.

A problem with cued-recall graphical passwords is hot-spots. A hot-spot is a point in a picture that is more likely to be chosen than others.

Using different pictures depending on where in the picture the user chooses makes hot-spots less of an issue, since an attacker would have to find the hot-spots in all of the pictures. According to Chiasson et al., other cued-recall systems such as PassPoints are more susceptible to hot-spots than CCP because they only use one picture per user, and there are thus fewer hot-spots for an attacker to choose from. Additionally, the changing of pictures makes it easier for a user to enter his password whilst an attacker gains no benefit from the system.[14]

Chiasson et al. suggested in 2008 an improved version of Cued Click-Points that they called Persuasive Cued Click-Points. They suggest a system that makes secure passwords easier to make than simple passwords. This is accomplished by adding a transparent veil over all but a small part of the picture when creating the password. The user cannot select a spot obscured by the veil. The completely visible part is selected at random, and the user can shuffle it to another random location on the picture at will. By doing this, hot-spots can be almost eliminated. The user can still choose any spot of the picture but will be forced to keep shuffling the visible part until the veil no longer conceals it. Since users tend to be lazy when choosing their passwords, the idea is that, rather than shuffling repeatedly until they get to the spot they want, they will end up choosing based on where the visible part was randomly placed.[15]

5 Method

In this chapter the concept of the CCP prototype will be described, first in comparison to the original CCP by Chiasson et al. [14], followed by a written account of the program code and a description of how the program works from a user's point of view.

Lastly, a definition of what the experiment will entail.

5.1 The Program

The program is based on CCP. It consists of a picture where the user chooses one point, and is then shown the next picture, where he repeats that process until finished. In the original CCP by Chiasson et al. [14] the point in the picture was based on which pixel the user had chosen, and all pixels within a 9-pixel radius were accepted. In the grid-based CCP prototype I have built, the user instead chooses a point in the picture; this point lies within a box in the grid and represents one part of his password. In the prototype there is no difference in which picture is shown next depending on which box the user selects. The CCP system Chiasson et al. proposed displayed different pictures depending on whether the user chose within the accepted radius of the pixel he had originally chosen or not. This was to immediately tell the user if he had chosen correctly in the previous picture and to reduce the original problem with hot-spots that CCP had. PCCP makes the hot-spot problem almost non-existent, and the user-friendliness of knowing if you have chosen the right "path" through your password makes shoulder surfing a serious threat: anyone who knows which pictures are correct can just go back and forth between two pictures until he gets the right one. One more point that needs to be considered is the hundreds, if not thousands, of pictures that are needed to make the different picture paths work. Either they all need to be stored locally or they would have to be downloaded, and neither alternative is very efficient. In the way proposed by Chiasson et al. the "correct" picture path would also need to be stored on the server, making the system a lot more vulnerable to attack. The lower number of pictures makes it easier to have higher quality pictures, and together with the persuasive veil from PCCP, hot-spots will not be a big problem.

By using a grid-based system the prototype consolidates all the coordinates into a password that can be stored and used similarly to how text-based passwords work and are stored now.
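As an added example of the grid-based idea above (written in Python rather than the prototype's Java, and not the thesis author's code): a pixel click is mapped to the grid box it lands in, one box per picture is concatenated into the stored string, and the box-based acceptance is compared with the original CCP's 9-pixel radius, including the edge case where a click near a box border is accepted by the radius rule but rejected by the grid rule. It also compares the size of the resulting password space with the six-character lower-case passwords from chapter 3, and models the PCCP viewport shuffle. The image size, the number of grid boxes (the thesis only says X times Y), the number of pictures and the viewport size are assumptions.

```python
import math
import random

# Assumed parameters: the thesis gives no grid size, picture count or
# image dimensions, so these are constructed for the example.
IMAGE_W, IMAGE_H = 400, 300
GRID_X, GRID_Y = 8, 6               # X times Y transparent buttons
PICTURES = 5                        # one click per picture
PIXEL_RADIUS = 9                    # tolerance of the original CCP (Chiasson et al.)
VIEWPORT_W, VIEWPORT_H = 100, 75    # assumed size of the PCCP visible window


def box_for_click(x: int, y: int) -> tuple:
    """Map a pixel click to the (column, row) of the grid box it falls in;
    that pair is the name the prototype gives to each transparent button."""
    if not (0 <= x < IMAGE_W and 0 <= y < IMAGE_H):
        raise ValueError("click outside the picture")
    return (x * GRID_X // IMAGE_W, y * GRID_Y // IMAGE_H)


def build_password(clicks: list) -> str:
    """Concatenate one box name per picture into a single string that can be
    stored and compared like a text password."""
    if len(clicks) != PICTURES:
        raise ValueError(f"expected {PICTURES} clicks, got {len(clicks)}")
    return "".join(f"{cx}:{cy};" for cx, cy in (box_for_click(x, y) for x, y in clicks))


def radius_accepts(original: tuple, attempt: tuple) -> bool:
    """Original CCP rule: accept any pixel within PIXEL_RADIUS of the one chosen."""
    return math.dist(original, attempt) <= PIXEL_RADIUS


def grid_accepts(original: tuple, attempt: tuple) -> bool:
    """Prototype rule: accept only clicks in the same grid box. Near a box
    border, two clicks a few pixels apart can fall in different boxes."""
    return box_for_click(*original) == box_for_click(*attempt)


def keyspace_grid() -> int:
    """Number of distinct click-point passwords: (boxes per picture) ^ pictures."""
    return (GRID_X * GRID_Y) ** PICTURES


def keyspace_text(alphabet_size: int, length: int) -> int:
    """Number of text passwords of a fixed length over one alphabet."""
    return alphabet_size ** length


def random_viewport(rng: random.Random) -> tuple:
    """PCCP: the un-veiled window is placed at a random position."""
    return (rng.randrange(0, IMAGE_W - VIEWPORT_W + 1),
            rng.randrange(0, IMAGE_H - VIEWPORT_H + 1))


def in_viewport(click: tuple, viewport: tuple) -> bool:
    """Only clicks inside the visible window are allowed during creation."""
    vx, vy = viewport
    x, y = click
    return vx <= x < vx + VIEWPORT_W and vy <= y < vy + VIEWPORT_H


def shuffles_needed(target: tuple, rng: random.Random, limit: int = 10_000):
    """How many shuffles a user who insists on a given spot (say a hot-spot)
    must perform before the window uncovers it; None if the limit is hit."""
    shuffles = 0
    viewport = random_viewport(rng)
    while not in_viewport(target, viewport):
        shuffles += 1
        if shuffles > limit:
            return None
        viewport = random_viewport(rng)
    return shuffles


def demo_shuffles(seed: int = 1):
    """Seeded run of the shuffle model for a constructed target point."""
    return shuffles_needed((200, 150), random.Random(seed))


if __name__ == "__main__":
    clicks = [(10, 10), (60, 60), (110, 110), (160, 160), (210, 210)]
    print("password string:", build_password(clicks))
    print("grid keyspace:", keyspace_grid(), "vs 6 lower-case chars:", keyspace_text(26, 6))
    print("near-border click, radius rule:", radius_accepts((49, 10), (51, 10)),
          "grid rule:", grid_accepts((49, 10), (51, 10)))
    print("shuffles to reach (200, 150):", demo_shuffles())
```

With these assumed numbers the grid gives 48^5 = 254,803,968 possible passwords, in the same range as the 26^6 lower-case passwords of chapter 3; the keyspace is set by the box count and picture count, not by the pictures themselves. The border case shows the usability cost of the grid: a user who remembers a spot two pixels from a box edge can be rejected where the radius rule would have accepted him.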


5.1.1 Implementation

The program works by creating a ”GridLayout” in JFrame. By creating first a JLabel and setting its background and then a grid with transparent buttons you get an interactable picture.

The program has a menu of sorts where the user chooses whether to create a new user or to login with an existing user.

The two buttons in the menu start the program by removing all objects, changing to a new background picture and drawing a new grid with X times Y squares. The only difference between the two menu buttons is the value, 1 or 0, that is sent into the same method.

In each grid square a new transparent button is created. Each button is given a name consisting of the X and Y coordinate of the button. This name is later used when constructing the password.

Each time a button is pressed two things happen: first, the name of the button is added to the end of the password string, and second, the background picture is changed. If there are no more pictures left in the background picture array, another check is done in order to either create a new user or to check if the user exists and if the password is correct.

If the "login" option was chosen in the menu, a method is called that reads the password file and checks whether there is a user with the entered name and, if there is, checks whether the password entered is correct.

If the ”create new user” option was selected the username is entered in the password file together with the password.
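The flow described in this section, as an added headless example in Python (the prototype itself is a Java Swing program, and this is not its code): the two menu choices pass 1 (create) or 0 (login) into the same session, each button press appends the button's name to the password string and advances to the next picture, and on the last picture the session either writes the user to the password file or checks the entered string against it. The file is kept in memory as lines of text. The thesis does not say in what form the password string is written to the file; the example stores a salted SHA-256 digest instead of the string itself, which is an assumption following chapter 3. The picture names and the click path are constructed.

```python
import hashlib
import secrets

# Constructed picture list; the thesis does not name its pictures.
PICTURES = ["pic1.jpg", "pic2.jpg", "pic3.jpg", "pic4.jpg", "pic5.jpg"]
CREATE, LOGIN = 1, 0   # the value each menu button passes to the same method


def _digest(salt_hex: str, password: str) -> str:
    """Salted one-way transform of the click-point string (assumption: the
    thesis does not say how the string is stored)."""
    return hashlib.sha256(bytes.fromhex(salt_hex) + password.encode()).hexdigest()


class PasswordFile:
    """In-memory stand-in for the prototype's text file: one line per user,
    tab-separated as username, salt, digest."""

    def __init__(self, lines=()):
        self.lines = list(lines)

    def lookup(self, username: str):
        for line in self.lines:
            user, salt, digest = line.split("\t")
            if user == username:
                return salt, digest
        return None

    def add(self, username: str, password: str) -> None:
        if self.lookup(username) is not None:
            raise ValueError(f"user {username!r} already exists")
        salt = secrets.token_hex(8)
        self.lines.append(f"{username}\t{salt}\t{_digest(salt, password)}")

    def check(self, username: str, password: str) -> bool:
        record = self.lookup(username)
        if record is None:
            return False          # unknown user and wrong password look alike
        salt, digest = record
        return digest == _digest(salt, password)


class Session:
    """One run through the pictures, in either CREATE or LOGIN mode."""

    def __init__(self, username: str, mode: int, pwfile: PasswordFile):
        if mode not in (CREATE, LOGIN):
            raise ValueError("mode must be CREATE (1) or LOGIN (0)")
        self.username, self.mode, self.pwfile = username, mode, pwfile
        self.password = ""        # grows by one button name per picture
        self.index = 0            # which background picture is shown
        self.result = None        # set after the last picture

    def current_picture(self) -> str:
        return PICTURES[self.index]

    def press(self, col: int, row: int):
        """What one transparent button does: append its name, change the
        background, and after the last picture run the create/login check."""
        if self.result is not None:
            raise RuntimeError("session already finished")
        self.password += f"{col}:{row};"
        self.index += 1
        if self.index == len(PICTURES):
            if self.mode == CREATE:
                self.pwfile.add(self.username, self.password)
                self.result = True
            else:
                self.result = self.pwfile.check(self.username, self.password)
        return self.result


def run(username: str, mode: int, pwfile: PasswordFile, clicks: list):
    """Feed a whole sequence of button presses to a session; None until the
    last picture has been clicked."""
    session = Session(username, mode, pwfile)
    result = None
    for col, row in clicks:
        result = session.press(col, row)
    return result


if __name__ == "__main__":
    pwfile = PasswordFile()
    path = [(0, 0), (3, 2), (7, 5), (1, 4), (5, 1)]       # constructed click path
    print("create:", run("anna", CREATE, pwfile, path))
    print("login, right path:", run("anna", LOGIN, pwfile, path))
    print("login, wrong last picture:", run("anna", LOGIN, pwfile, path[:-1] + [(5, 2)]))
    print("login, unknown user:", run("bo", LOGIN, pwfile, path))
```

Because the check only runs after the last picture, a wrong box on any picture is reported only at the end, and an unknown user gets the same answer as a wrong password; both match the prototype's behaviour of giving no per-picture feedback, which is what keeps the shoulder-surfing path described in section 5.1 closed.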

5.1.2 User Perspective

From a user's perspective, when the program is started the user is prompted to enter a username and to either create a new user or to log in (see Fig. 5.1). The process for the user will be the same with both options, but the result will either be that the program adds the new user to a text file or that the program checks if the user exists and whether the entered "password" is correct.

Figure 5.1: The menu where the user chooses whether to create a new user or log in with an existing user.

5.2 The Experiment

A test was conducted to see how users with no prior experience of graphical passwords would handle the new type of password. Would they manage to remember their password, and would they form some kind of remembrance scheme to help them remember it? The test was conducted on two occasions and consisted of three parts: the first part was creating the password; the second part was the first real test, conducted a couple of hours after creating the password; the third part was the second test, approximately one week later. Due to the time gap between the two tests, half of the first test's participants did not participate in the second test.

The first test was conducted with 23 participants with ages ranging from 16 to 85. The participants were also of varying degrees of computer skill, with some being almost complete beginners and others having rather good competence.

The participants were told in groups what graphical passwords were and how the one they were about to try worked. They did the tests separated from each other, and before creating their passwords they were asked to view it as a real password: not to make it obvious, but to make sure they could remember it. After they had created their password (as told above) they were asked to log in with that password. If they failed to log in they were asked to create a new password, and this process continued until they remembered their password.

After the participant had created their password they were asked if they had any special theories of why they chose the passwords they chose.

A couple of hours after creating their passwords the participants were asked to login again. This was the first test. Each participant had three tries to enter the right password before the test was done.

6 Results

23 test participants created a password; 5 of them had to create a new password because they could not re-enter their password after creating their first. 21 of the 23 participants passed the first test, which was conducted a couple of hours after password creation. 20 of these passed the test on their first try while 1 needed one retry. 2 participants could not recall their passwords (as can be seen in Table 6.1).

10 of the 12 participants passed the second test; 1 participant had to retry his password once and 2 failed to recall their passwords (see Table 6.1). The two participants that failed the first test were shown what their password was after their third try and successfully entered their password on their fourth try. One of them participated in the second test but was not able to recall his password. He is shown below in parentheses.

Table 6.1: Test Results

Test     First Try   Second Try   Third Try   Failed
Test 1   20          1            -           2
Test 2   9           1            -           1(1)

The participants who failed either of the tests did so on the same two pictures. Picture number 4 and picture number 5 in the test had some very similar qualities, and this seemed to confuse some participants. This is in accordance with Nelson et al.'s research on the "pictorial superiority effect", where they noticed that the more similar two pictures are, the less likely they are to invoke the "correct" memory.[16] While only three failed any of the tests, others also found it noticeably harder to recall what they had chosen on those two pictures.

Types of remembrance schemes:

Every participant was asked after they had created their password what they looked for when choosing a spot in a picture. All participants but four used one of two types of scheme.

them. This scheme was used by 8 of the 23 participants. The parts of the pictures they chose could be a limb or some pattern that caught their attention when seeing the picture.

4 of the 23 participants did not use either of the two schemes above. Two said they tried to choose something that was not obvious, as a way to refrain from choosing hot spots. One said that she did not think of anything special when she chose, and the last one used a chant to keep track of her password. The participants who did not successfully recall their passwords were all using the "something that stood out" scheme.

7 Discussion

One of the most important parts of a new authentication system is that users deem it easy to use and secure. If the suggested system is not as flexible as text-based passwords, or as easy to use while at the same time more secure, users will not accept it.

The test in this thesis was a usability and memorability test because the previously conducted tests on CCP/PCCP did not answer some questions. Creating a password, remembering it for five minutes and then repeating the recall after an hour says nothing about long-term memorability. PCCP might be a great system to replace text-based passwords, but the tests conducted by Chiasson et al. did not simulate a real-world scenario.[14][15] For a user to remember a password created five minutes ago is no feat; to remember it a week later without repetition, however, is a bit harder.

There have been many instances where I have created a password for a site and only used it once, and then it went more than a week until the next use. The reason the second test was only a week after creation was that I thought the participants would have a hard enough time remembering their passwords after that amount of time. I was proved wrong, however.

I've presented in this thesis could easily be as strong as or even stronger than an equally long text-based password if the grid were expanded to 10 by 10. What you get from the prototype I presented is a CCP-based authentication system that essentially creates a password out of coordinates in a grid.

Some things were noticed while conducting the tests that could have been better. Larger grid: the grid in the test was 6 by 5. This could easily have been 10 by 10 without making the test any harder for the participants. The six pictures could have been increased to eight. Together with the larger grid, this would have made the password equal to or stronger than what most password policies demand.

8 Conclusions

The aim of the experiment conducted was to see if people with no prior experience of graphical passwords could use the prototype to create a password and then remember that password.

The test results were very positive towards CCP-based passwords. Initially the participants seemed hesitant but interested, as they had only had a very brief explanation of what they were supposed to do before creating their passwords. Considering that 90% of the participants successfully managed to create and then remember their password in both the first test and the second test, I think the experiment was a success.

Potential future work could be improvements to the prototype or conducting larger tests. Implementing the persuasive part of PCCP in the prototype would be a good idea, to see the difference it would make for users. An additional improvement to the prototype that wouldn't necessarily change much from a user's point of view would be to implement hashing functionality in the program.
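The strength comparison made in the Discussion chapter (a 6 by 5 grid over six pictures versus a 10 by 10 grid over eight pictures) and the hashing functionality proposed above can both be worked through in code. The block below is an added example written for this page; it is not the thesis prototype's own program. It assumes a plain grid discretisation (a click maps to whichever grid cell contains it), 600 by 500 pixel pictures for the constructed sample clicks, PBKDF2-HMAC-SHA256 as the storage hash, and a 62-character alphabet for the text-password comparison. Every sample value in it is constructed, not data from the thesis test.

```python
import hashlib
import hmac
import math
import os

# Configurations taken from the thesis text: the prototype used a 6 by 5 grid
# over six pictures; the Discussion chapter suggests 10 by 10 over eight.
PROTOTYPE = {"cols": 6, "rows": 5, "pictures": 6}
PROPOSED = {"cols": 10, "rows": 10, "pictures": 8}


def ccp_space_bits(cols, rows, pictures):
    """Theoretical size of the CCP password space in bits: one cell is
    chosen per picture and every cell is assumed equally likely."""
    return pictures * math.log2(cols * rows)


def text_space_bits(alphabet_size, length):
    """Theoretical space of a fixed-length text password, for comparison."""
    return length * math.log2(alphabet_size)


def click_to_cell(x, y, width, height, cols, rows):
    """Map a pixel click on a width x height picture to a row-major grid
    cell index. Any click inside the same cell gives the same index, which
    is what lets a slightly different click at login still verify."""
    if not (0 <= x < width and 0 <= y < height):
        raise ValueError("click outside the picture")
    return (y * rows // height) * cols + (x * cols // width)


def password_from_clicks(clicks, width, height, cols, rows):
    """Turn a list of (x, y) clicks, one per picture, into a cell sequence."""
    return [click_to_cell(x, y, width, height, cols, rows) for x, y in clicks]


def encode_password(cells, cols, rows):
    """Serialise the per-picture cell sequence unambiguously before hashing
    (the separator keeps e.g. cells 1,12 distinct from 11,2)."""
    n_cells = cols * rows
    if any(not 0 <= c < n_cells for c in cells):
        raise ValueError("cell index out of range")
    return "-".join(str(c) for c in cells).encode()


def make_verifier(cells, cols, rows, salt=None, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256 of the cell sequence. This is what the
    program would store instead of the click points themselves."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", encode_password(cells, cols, rows), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def verify(cells, cols, rows, verifier):
    """Recompute the hash for a login attempt and compare in constant time.
    Malformed input (a cell outside the grid) is simply a failed login."""
    try:
        encoded = encode_password(cells, cols, rows)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", encoded, verifier["salt"], verifier["iterations"])
    return hmac.compare_digest(candidate, verifier["digest"])


if __name__ == "__main__":
    for name, cfg in (("prototype", PROTOTYPE), ("proposed", PROPOSED)):
        print(f"{name:9s} {cfg['cols']}x{cfg['rows']} grid, {cfg['pictures']} "
              f"pictures: {ccp_space_bits(**cfg):.1f} bits")
    print(f"8-character alphanumeric text password: "
          f"{text_space_bits(62, 8):.1f} bits")

    # Constructed sample: six clicks on 600x500 pixel pictures.
    cols, rows = PROTOTYPE["cols"], PROTOTYPE["rows"]
    enrol = [(50, 40), (310, 260), (590, 10), (120, 480), (455, 333), (200, 230)]
    stored = make_verifier(password_from_clicks(enrol, 600, 500, cols, rows),
                           cols, rows)
    # A login attempt with clicks a few pixels off lands in the same cells.
    retry = [(x + 3, y - 2) for x, y in enrol]
    print("retry verifies:",
          verify(password_from_clicks(retry, 600, 500, cols, rows),
                 cols, rows, stored))
```

The bit figures are theoretical upper bounds that assume every cell is equally likely; the thesis's own observation that most participants picked "something that stood out" means the effective space is smaller, which is the problem PCCP's persuasive step targets. Hashing the cell index rather than the raw pixel position is what makes a slightly different click still verify, but a click close to a cell border can land in the neighbouring cell on a retry; the published CCP work handles this with centered discretisation, which this example does not implement. Storing only the salted, iterated hash means a leaked verifier file does not reveal the chosen cells directly.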

References

[1] S. Gaw, E.W. Felten, "Password management strategies for online accounts," Dept. of Computer Science, Princeton Univ., Pittsburgh, Pennsylvania, 2006.

[2] M.V. Wilkes, Time-Sharing Computer Systems. New York: American Elsevier, 1968.

[3] R. Morris and K. Thompson, "Password Security: A Case History," Bell Laboratories, Murray Hill, NJ, Nov. 1979.

[4] D.C. Feldmeier, P.R. Karn, "UNIX Password Security - Ten Years Later," Bellcore, Morristown, NJ, 1979.

[5] B. Schneier, "Identification and Authentication," in Secrets and Lies: Digital Security in a Networked World. Indianapolis, Indiana: Wiley, 2004.

[6] E. Arvidsson, H. Eriksson and J. Nerén, "Säkerhetsmedvetenhet," 2013.

[7] E.A. Kirkpatrick, "An experimental study of memory," Psychol. Rev. 1, 602-609, 1894.

[8] F. Craik and J. McDowd, "Age differences in recall and recognition," J. Exp. Psychol. Learn. Memory Cogn. 13, 3, 474-479, 1987.

[9] H. Tao, C. Adams, "Pass-Go: A Proposal to Improve the Usability of Graphical Passwords," M.S. thesis, School of Information Technology and Engineering, Univ. of Ottawa, Ottawa, Ontario, 2007.

[10] Passfaces Corporation. (2009). The science behind Passfaces. White papers. [Online]. Available: http://www.passfaces.com/enterprise/resources/white_papers.htm

[11] T. Valentine, "An evaluation of the Passface personal authentication system," Dept. of Psychology, Goldsmiths College, Univ. of London, London, UK, 1999.

[13] S. Wiedenbeck, J. Waters, J.C. Birget, A. Brodskiy, N. Memon, "PassPoints: Design and longitudinal evaluation of a graphical password system," College of Information Science and Technology, Drexel Univ., Philadelphia, PA, 2005.

[14] S. Chiasson, P.C. van Oorschot, R. Biddle, "Graphical Password Authentication Using Cued Click Points," School of Computer Science, Carleton Univ., Ottawa, Canada, 2007.

[15] S. Chiasson, A. Forget, R. Biddle, P.C. van Oorschot, "Influencing Users Towards Better Passwords: Persuasive Cued Click-Points," School of Computer Science, Carleton Univ., Ottawa, Canada, 2008.

[16] D.L. Nelson, V.S. Reed, J.R. Walling, "Pictorial Superiority Effect," Dept. of Psychology, Univ. of South Florida, Tampa, FL, 1976.

[17] C. Herley, P.C. van Oorschot, A.S. Patrick, "Passwords: If We're So Smart, Why Are We Still Using Them?," Microsoft Research, Redmond, WA, 2009.

[18] B. Ives, K.R. Walsh, H. Schneider, "The Domino Effect of Password Reuse," C.T. Bauer College of Business, Univ. of Houston, TX, 2004.

[19] D. Florencio, C. Herley, "A Large-Scale Study of Web Password Habits," Microsoft Research, Redmond, WA, 2007.

[20] P.A. Crisman. (1969, Dec). The Compatible Time-Sharing System, A Programmer's Guide (2nd Ed.) [Online]. Available: https://archive.org/stream/bitsavers_mitctssCTSc69_26767392/CTSS_ProgrammersGuide_Dec69_djvu.txt

[21] CardWerk. Smart Card Technology [Online]. Available: http://www.cardwerk.com/smartcards/smartcard_technology.aspx

[22] Anonymous. (2006, Nov 15). Comparison of the advantages and disadvantages of biometric technologies [Online]. Available: http://biometrics.pbworks.com/w/page/14811349/Advantages%20and%20disadvantages%20of%20technologies

[23] Z. Liu, Y. Hong, D. Pi, "A Large-Scale Study of Web Password Habits of Chinese Network Users," College of Information Science and Technology, Nanjing Univ. of Aeronautics, Nanjing, China, 2014.

[25] J.M.J. Murre, J. Dros, "Replication and Analysis of Ebbinghaus' Forgetting Curve," Univ. of Amsterdam, Amsterdam, The Netherlands, 2015.

[26] Mac Developer Library. Keychain Services Programming Guide.

351 95 Växjö / 391 82 Kalmar Tel 0772-28 80 00
