Primerjava varnosti in pomnjenja gesel: Ugotavljanje uporabnosti tradicionalne metode in metode igrifikacije

Leon Bošnjak; Viktor Taneski

doi:10.31449/upinf.176

Authors

Leon Bošnjak Univerza v Mariboru, Fakulteta za elektrotehniko, računalništvo in informatiko
Viktor Taneski Univerza v Mariboru, Fakuleta za elektrotehniko, računalništvo in informatiko

DOI:

https://doi.org/10.31449/upinf.176

Keywords:

gamification method passwords, textual passwords, password memoization, password security, statistical comparison

Abstract

Textual passwords are the most common authentication mechanism due to their ease of use and implementation, as well as high memorability. As the computer processing power continued to increase, textual passwords gradually became less secure, resulting in an increased demand for longer, more secure, and harder to remember passwords. As a result, other authentication schemes, such as graphical passwords, have been explored. A recent study conducted by McLennan \textit{et. al} in 2017 introduced a new authentication scheme called Game Changer Password System (GCPS), which uses game figure positions as password characters. The usability of the scheme was evaluated as promising, but these conclusions suffered from validity threats, as the passwords used in the study did not represent secure GCPS passwords. In addition, the proposed scheme was not compared to the traditional passwords. In this study, we examined password recall rates and reaction time (login time), and we compared the results between the textual and GCPS passwords. We conclude that textual passwords are still superior both in terms of memorability and input speed, which justifies their prominence as a basic authentication mechanism.

Author Biographies

Leon Bošnjak, Univerza v Mariboru, Fakulteta za elektrotehniko, računalništvo in informatiko

Leon Bošnjak je zaposlen kot asistent za področje informatike na Fakulteti za eletrotehniko, računalništvo in informatiko na Univerzi v Mariboru. Leta 2014 je magistriral iz informatike in tehnologij komuniciranja. Leta 2022 pa je uspešno končal doktorski program Računalništvo in informatika. V okviru raziskav se ukvarja z informacijsko varnostjo, bolj specifično z tekstovnimi in grafičnimi gesli, ter drugimi metodami overjanja.

Viktor Taneski, Univerza v Mariboru, Fakuleta za elektrotehniko, računalništvo in informatiko

Viktor Taneski je asistent na Fakulteti za elektrotehniko, računalništvo in informatiko na Univerzi v Mariboru. Doktoriral je leta 2019 iz tematike Markovih modelov ter vpliv podatkovnih zbirk za usposabljanje Markovih modelov na dokončno ocenjevanje moči gesel. Njegovo raziskovalno delo je povezano z varnostjo informacijskih sistemov, varnostjo gesel ter s človeškimi vidiki in navadami, povezanimi z ustvarjanjem in uporabo gesel.