Investigating Background Pictures for Picture Gesture Authentication
Abstract
The military relies heavily on computer systems. Without a strong method of authentication to access these systems, threats to confidentiality,integrity, and availability of government information are likely to be more successful. A recent method of authentication forthe Windows 8 and Windows 10 operating systems is picture gesture authentication (PGA), a new approach to entering a password toauthenticate a user during system login. Each PGA password is composed of three gestures that are drawn over a picture chosen bythe user. Strength requirements are set for PGA passwords similarly to text-based passwords. For simplicity, users tend to use shapes,colors, and objects in a picture, called points of interest (POI), as guidance when creating each gesture for their password. This conceptprovides an opportunity for potential hackers to make logical password guesses, decreasing the security of PGA. Previous work onPGA security used a proprietary brute-force algorithm to guess passwords based on POIs. We present a similar brute-force algorithmthat is publicly available. We evaluate the efficiency of the new algorithm against various background pictures and propose strengthrequirements to improve the security of PGA.
Document Details
- Document Type
- Technical Report
- Publication Date
- Jun 01, 2017
- Accession Number
- AD1046601
Entities
People
- Pauline Monroy
Organizations
- Naval Postgraduate School