Use this URL to cite or link to this record in EThOS:
Title: Exploring human factors issues & possible countermeasures in password authentication
Author: Zakaria, Nur Haryani Binti
ISNI:       0000 0004 2739 9496
Awarding Body: University of Newcastle Upon Tyne
Current Institution: University of Newcastle upon Tyne
Date of Award: 2013
Availability of Full Text:
Access from EThOS:
Access from Institution:
This thesis is concerned with usable security. It describes a series of experiments to understand users’ behaviour in the domain of password authentication. The thesis is comprised of two parts. Part 1 reports on experiments into how different persuasion strategies can be used to increase the strength of users’ password. Existing research indicates that the lack of persuasive elements in password guidelines may lead to a lack of motivation to produce strong passwords. Thus, an experimental study involving seventy-five participants was conducted to evaluate the effectiveness of a range of persuasion strategies on password strength. In addition this experiment explores how personality variables affect the susceptibility of users to persuasion. The results showed that passwords created by users who received password guidelines that include a persuasion strategy produce stronger passwords than a control group. In terms of the personality variables, the result shows that there are certain personality types that tend to produce slightly better passwords than others; but it is difficult to draw a firm conclusion about how personality affects susceptibility to persuasion. The second part of this thesis presents an innovative alternative to text-based passwords, namely, graphical password schemes. Graphical passwords take advantage of the superior ability of humans to remember graphics and pictures over text and numbers. Research shows that graphical password schemes are a promising alternative, but that they are susceptible to shoulder surfing attacks, resulting in scepticism about adoption. Thus in part 2 of the thesis, three innovative shoulder surfing defence techniques are proposed and implemented in a small-scale prototype with a specific focus given to one type of graphical password; The Draw-A-Secret (DAS) scheme. The results of two separate experimental studies involving sixty-five and thirty participants respectively to evaluate the proposed defence techniques from the perspectives of security and usability are presented. The results show that the technique which, on theoretical grounds, was expected to be quite effective, provides little protection. A second technique which did provide the best overall shoulder surfing defence; created usability problems. But a third technique provided a reasonable shoulder surfing defence and good usability simultaneously; a good balance which the other two techniques did not achieve. The proposed defence techniques and experimental results are directly relevant to other graphical password schemes of the same category with slight modification to suit the requirements of the scheme intended. In summary, the thesis contributes to the discussion of some key usability problems which exist around password authentication domains. All the proposed countermeasures are evaluated through a series of experimental studies which present several intriguing discussions and promising findings.
Supervisor: Not available Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available