TY - GEN
T1 - Activpass
T2 - 33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015
AU - Dandapat, Sourav Kumar
AU - Pradhan, Swadhin
AU - Mitra, Bivas
AU - Choudhury, Romit Roy
AU - Ganguly, Niloy
N1 - Publisher Copyright:
© Copyright 2015 ACM.
PY - 2015/4/18
Y1 - 2015/4/18
N2 - This paper explores the feasibility of automatically extracting passwords from a user's daily activity logs, such as her Facebook activity, phone activity etc. As an example, a smartphone might ask the user: "Today morning from whom did you receive an SMS?" In this paper, we observe that infrequent activities (i.e., outliers) can be memorable and unpredictable. Building on this observation, we have developed an end-to-end system ActivPass and experimented with 70 users. With activity logs from Facebook, browsing history, call logs, and SMSs, the system achieves 95% success (authenticates legitimate users) and is compromised in 5.5% cases (authenticates impostors). While this level of security is obviously inadequate for serious authentication systems, certain practices such as password sharing can immediately be thwarted from the dynamic nature of passwords. With security improvements in the future, activity-based authentication could fill in for the inadequacies in today's password-based systems.
AB - This paper explores the feasibility of automatically extracting passwords from a user's daily activity logs, such as her Facebook activity, phone activity etc. As an example, a smartphone might ask the user: "Today morning from whom did you receive an SMS?" In this paper, we observe that infrequent activities (i.e., outliers) can be memorable and unpredictable. Building on this observation, we have developed an end-to-end system ActivPass and experimented with 70 users. With activity logs from Facebook, browsing history, call logs, and SMSs, the system achieves 95% success (authenticates legitimate users) and is compromised in 5.5% cases (authenticates impostors). While this level of security is obviously inadequate for serious authentication systems, certain practices such as password sharing can immediately be thwarted from the dynamic nature of passwords. With security improvements in the future, activity-based authentication could fill in for the inadequacies in today's password-based systems.
KW - Activity-based password
KW - Outliers
KW - Password sharing
UR - http://www.scopus.com/inward/record.url?scp=84951197473&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84951197473&partnerID=8YFLogxK
U2 - 10.1145/2702123.2702457
DO - 10.1145/2702123.2702457
M3 - Conference contribution
AN - SCOPUS:84951197473
T3 - Conference on Human Factors in Computing Systems - Proceedings
SP - 2325
EP - 2334
BT - CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems
PB - Association for Computing Machinery
Y2 - 18 April 2015 through 23 April 2015
ER -