To search, Click below search items.


All Published Papers Search Service


Ef?cacy of Object-Based Passwords for User Authentication


Sufian Hameed, Lamak Qaizar and Shankar Khatri


Vol. 17  No. 12  pp. 33-40


Traditional text-based password schemes are inherently weak. Users tend to choose passwords that are easy to remember, making them susceptible to various attacks that have matured over the years. ObPwd [5] has tried to address these issues by converting user-selected digital objects to high-entropy text passwords for user authentication. In this paper, we extend the ObPwd scheme with a new object based password scheme that performs majority of the computation at the server side. This paper essentially discusses two frameworks for object password schemes, an object hash-based scheme (where the client machine computes the hash of the object to be used as text password) and an object-based scheme (where the object is directly transmitted to the server as password). We also evaluate the performance of both the object password schemes against conventional text-based password schemes using prototypes of each of the frameworks. Implications with respect to ease of use, sharing and security are also discussed.


Authentication, Object-based Passwords, Passwords, object-hash.