Text-based authentication is the most frequently used mechanism to authenticate a user on a computer system. Although this scheme brings a disadvantage, which is the human limitation to remember secure passwords, it still succeeds against other approaches. In this research, we propose MemImgAuth, a recognition-based authentication system with a better balance point between security and usability. MemImgAuth provides a dynamic level of security. To achieve this, the users select self-taken photographs as a password alternative for the user authentication. Thus, the password space is becoming personalized, easily expandable and possible passwords are already in a user’s memory. We evaluate the operability of the proposed system with a user study and calculate the theoretical security of the proposed scheme. We discuss the results and compare the findings to other common authentication schemes. The results show that MemImgAuth can be used as an alternative authentication scheme, but with a higher security level, the usability becomes worse. The paper concludes with a discussion about the findings and also gives some idea for future work.
2017-08-07: Published scientific paper:"Graphical User Authentication with a Dynamic Security Level"
UEC Conference for foreign exchange students: MemImgAuth presentation
Published bachelor report: Security analysis of OAuth implementations in client based Android apps
I'm interested in IT security and related topics. Since more than 10 years I'm dealing with both theoretical and also practical computer security. During my university time, I've also specialized my skills in this topic.