Popular Posts

  • IT Auditing at ADM
    This past Tuesday December 3rd, 2013 we had two  guest speakers from ADM , Gary Hotwick and Wayne Sharp. Gary is a Millikin Grad who graduat...
  • Security of Picture Gesture Authentication
    When windows 8 was introduced it came with a new form of password security with the picture  gesture authentication. With time we realize...
  • Linux vulnerability
    The Linux operating system has a vulnerability within it for the past two years, it gives "untrusted" users with restricted accoun...
  • Adobe Data Breach
    Adobe systems recently confirmed that it's network was breached during an attack in which 2.9 million of their customers had their infor...
  • Database Security Vunerabilities
    There are certain common and serious database vulnerabilities that most businesses that deals with data should know of. Cyber attack has bee...
  • Linux is more Secure than Windows
    For small businesses or organizations that are lacking dedicated IT security staff using Linux can be very beneficial. There is a saying wit...
  • Internet Explorer Zero-Day
    There is a zero day flaw in Internet explorer, this impacts all versions of the browser but it seemed as though criminals are more focused ...

Sunday, September 8, 2013

Security of Picture Gesture Authentication

When windows 8 was introduced it came with a new form of password security with the picture gesture authentication. With time we realized that text passwords was not really overly secure, but with the Microsoft gesture authentication they promise a secure form of security. Your system cannot just be run through a database with words until the right one works. Picture authentication gives us a unique way of locking our systems, the pictures we use are unique, the gestures we make are also unique.

Though this gives us the opportunity to run freely with it and do something more personable it is becoming a problem as researchers notice that the gestures and pictures have a similar trend to it. Most users would choose the tap, tap, tap gesture and one of those will be the eye. it has become the most insecure and easiest to crack according to research.

Picture Gesture Authentication on Windows 8
Researches from Arizona State University, Delaware State University, and GFS Technology inc developed an attack framework and attack models. They found that people mostly choose one of their own photo instead of the one's they have been provided with. The relationship between background pictures and user's identity, personality, or interest with 60% of users selecting area are on an image where special object are located. Based on how long they take to setup the password, users most often will either circle a face, tap an eye or nose, and connect lips on pictures with faces. Now for the pictures without faces mostly spacial objects will be selected or connected.

The attack framework developed by the researchers got so advance to the point where it was capable of cracking passwords on previously unseen pictures in the picture gesture authentication system. This research will be presented to Microsoft so that they can find controls to ensure that their systems and their users are safe. Also to maybe revisit the rules and procedure on the picture authentication and run some testing to see where they can potentially improve and by how much they can improve.


http://www.networkworld.com/community/blog/researchers-develop-attack-framework-cracking-windows-8-picture-passwords?page=0%2C0
Posted by at
Labels: ,

1 comment:

  1. UnknownSeptember 9, 2013 at 6:35 PM

    I found it interesting that so many people used the same authentication gesture. I agree that more testing should be done to ensure that this is a viable technology. A lot of advice exists on how to create secure text passwords. Do you have any thoughts on how to improve the security of passwords if gesture authentication is pursued in the future?

    ReplyDelete

Subscribe to: Post Comments (Atom)