Graphical Passwords with Integrated Trustworthy Interface - PowerPoint PPT Presentation

Slides: 24
Provided by: Patr510

Transcript and Presenter's Notes



1
Graphical Passwords with Integrated Trustworthy
Interface
Patricia Lareau, VP Product Management
TIPPI Workshop
June 19, 2006
2
Authentication Design Goals
  • Consider Security and Usability

3
Security Requirements
  • Randomly assigned
  • Unique to the application
  • Robust against known attacks
  • Simple
  • Reliable: no fallback needed
  • Not sharable casually or easily
  • Lacks social vulnerabilities
  • Useable anywhere
  • Two-way AuthN

4
Usability Requirements
  • Graphical User Interface
  • Intuitive to use
  • No user rules
  • Independent of user's aptitude, training or
    attentiveness
  • No on-going training
  • EASY to use
  • Portable
  • Fun!

5
Successful AuthN is Both or Neither
  • Design Leverages
  • Secret
  • Interface
  • Protocol

6
Passfaces Meets the Challenge
  • Secure and Usable

7
The Secret
  • Based on Cognitive Science

8
The Brain Deals with Faces Differently than Any
Other Image
  • Face recognition is a dedicated process which is
    different from general object recognition.

Source: Face Recognition: A Literature Survey,
National Institute of Standards and Technology
9
In the Beginning
Thinking Outside of the Box Approach. Let's
Authenticate the Person
  • Science has proven that we are genetically
    predisposed with a unique talent.
  • We all have the innate ability to easily
    recognize human faces.
  • There was a time that recognizing another's face
    could mean LIFE or DEATH.
  • Today that need is not so great, but the ability
    is still there.
  • There is a special place in the brain dedicated
    to facial recognition and facial recognition
    only.

10
Recall vs. Recognize
You must RECALL a password
You simply RECOGNIZE a face
Remember high school?
What kind of test did you prefer?
Multiple Choice
Fill in the Blank
11
We Never Forget a Face
Think about how many people you already
recognize. Why wouldn't you remember your
Passfaces?
  • Haven't used Passfaces in 6 months. I decided to
    take another look at it and, amazingly, I logged
    right in!
  • In one major government installation, there have
    been no forgotten Passfaces in over three years.
    The more it's used, the easier it gets.

12
Our approach
Familiarize the user with a randomly-selected set
of faces and check if they can recognize them
when they see them again
It's as easy as recognizing an old friend
13
Authentication Session
  • The secret is
  • Random
  • Easy to recognize but
  • Difficult to describe/share
  • No cribsheets needed
  • Always Available
  • Intuitive - Independent of user age, language or
    education
  • Not socially vulnerable

14
The Interface
  • Reinforce the Design Objectives

15
How Passfaces Works
Library of Faces
User Interface
Users Are Assigned a Set of 5 Passfaces
(Typical implementation; 3 to 7 possible as
standard)
16
How Passfaces Works
  • 5 Passfaces are associated with 40 decoys
  • Passfaces are presented in five 3 by 3 matrices
    each having 1 Passface and 8 decoys

17
New Users are Familiarized with their Passfaces
  • Users enroll with a 2 to 4 minute familiarization
    process
  • Using instant feedback, encouragement, and simple
    dialogs, users are trained until they can easily
    recognize their Passfaces
  • The process is optimized and presented like an
    easy game

Let's Practice
Action: Click on your Passface. It's moving. (There is
only one on this page.)
18
Familiarization Puts Cookies in the Brain
Like a mindprint or brain cookie
But, unlike fingerprints, Passfaces require
no special hardware.
And, unlike browser cookies,
Passfaces authenticate the actual user.
19
Authentication Session
  • The interface
  • Graphical
  • Self-prompting
  • User cannot choose or reuse
  • NO burden of recall
  • 3X3 grid
  • Ergonomic
  • Maps to keypad, phone, pinpad
  • More entropy than a user chosen secret

20
The Protocol
  • Maximize Defenses Maximize Usability

21
Configuration Data
  • Grid set is random per user
  • Grids need not be secret but must be correct
  • AUTHENTICATION IS NOT POSSIBLE WITHOUT
    PRESENTATION OF CORRECT GRIDS
  • Mutual Authentication is implicit; user
    attentiveness unnecessary
  • Phishing today is stopped
  • Phishing tomorrow is hard work
  • Blacklisting is possible

22
Grid Presentation
  • Multiple Grids
  • Random display within grid
  • Familiar order of grids for user comfort
  • Library Use
  • Thousands of random sets available
  • Shoulder surfing deterrent
  • Anti phishing strategies
  • Mutual AuthN enhanced
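
An added sketch, not Passfaces' own code, of the grid scheme described on slides 16 and 22: 5 randomly assigned Passfaces, 8 decoys each, five 3 by 3 grids shown in a fixed order with positions shuffled per login, plus the resulting guess space. The function names, the face IDs and the check-every-grid verification are assumptions of this example.

```python
import math
import secrets

GRID_CELLS = 9  # 3x3 grid: 1 Passface + 8 decoys

def enroll(library, n_faces=5):
    """Randomly assign n_faces Passfaces plus 8 fixed decoys per Passface."""
    rng = secrets.SystemRandom()
    picked = rng.sample(library, n_faces * GRID_CELLS)
    # Each run of 9 faces is one grid set; its first face is the Passface.
    return [(picked[i], picked[i + 1:i + GRID_CELLS])
            for i in range(0, len(picked), GRID_CELLS)]

def present(grid_sets):
    """Build one login challenge: grids in fixed order, positions shuffled."""
    rng = secrets.SystemRandom()
    challenge = []
    for passface, decoys in grid_sets:
        cells = [passface, *decoys]
        rng.shuffle(cells)
        challenge.append(cells)
    return challenge

def verify(grid_sets, challenge, clicks):
    """clicks[i] is the cell index (0-8) chosen in grid i.

    Design choice in this sketch: every grid is checked before answering,
    so a failure does not reveal which grid was wrong.
    """
    if len(clicks) != len(grid_sets):
        return False
    ok = True
    for (passface, _), cells, pos in zip(grid_sets, challenge, clicks):
        ok &= 0 <= pos < GRID_CELLS and cells[pos] == passface
    return ok

def guess_space(n_faces=5):
    """Number of equally likely click sequences and the equivalent bits."""
    combos = GRID_CELLS ** n_faces
    return combos, math.log2(combos)

if __name__ == "__main__":
    library = [f"face-{i:04d}" for i in range(1000)]  # constructed face IDs
    user = enroll(library)
    challenge = present(user)
    clicks = [cells.index(pf) for (pf, _), cells in zip(user, challenge)]
    print(verify(user, challenge, clicks), guess_space())
```

Because the server matches the clicked face rather than the clicked position, a click sequence observed in one session does not replay in the next, when the cells are reshuffled.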

23
A New Class of Authentication
  • Passfaces represents a new, 4th class of
    authentication
  • Cognometrics
  • Recognition-Based Authentication

24
Thank you!
Patricia Lareau, VP Product Management
patricia.lareau_at_passfaces.com 805.544.1138
  • Questions?

25
Authentication Risks
Risk
Mitigation Options
26
Passfaces as Primary Factor
Risk / Mitigation Options
  • Inadvertent Exposure: can't be written down,
    shared, multiple applications
  • Social Engineering: phishing, pharming, phoning
  • Malware: key logging, screen scraping etc.
  • Fallback to Personal Information: attack on
    procedure, user habituation, not sustainable
  • Other: guessing
27
Random Delivery of Grids