Jan 13 2009
Daniel LeBlanc, MA
Daniel LeBlanc’s MA thesis was accepted today: congratulations Dan! He begins his PhD work immediately, continuing to work on usable security.
Dan’s thesis was entitled “Can Preselection Gaze Distribution Statistics Predict Graphical Passwords?”, and the abstract is as follows:
Graphical passwords are a new method of authentication of much interest to researchers due to the potential for better usability and security. This thesis first introduces past research on usability and security issues relating to graphical passwords. The thesis then presents a study to investigate a possible weakness in a particular approach to click-based graphical passwords, whether eye gaze information may assist attackers in guessing passwords.
An experiment was conducted using a graphical password software application and an eye tracker. The experiment tested whether gaze patterns from a small set of participants resembled user click patterns in password choices. The gaze patterns did resemble the click point patterns, so gaze data would offer attackers an advantage over guessing at random. Gaze data could potentially be gathered without explicit interaction by participants, suggesting this could pose an attractive strategy for attackers.