Security Implications of Password Discretization for Click-based Graphical Passwords

Download Now
Provided by: Association for Computing Machinery
Topic: Security
Format: PDF
Discretization is a standard technique used in click-based graphical passwords for tolerating input variance so that approximately correct passwords are accepted by the system. In this paper, the authors show for the first time that two representative discretization schemes leak a significant amount of password information, undermining the security of such graphical passwords. They exploit such information leakage for successful dictionary attacks on Persuasive Cued Click Points (PCCP), which is to date the most secure click-based graphical password scheme and was considered to be resistant to such attacks.
Download Now

Find By Topic