ACRAS: A Hybrid Graphical User-Authentication System
Author
Harasimowicz, H Ryan
Abstract
The traditional text-based password is ubiquitous in today's computing environment, yet the creation and maintenance of passwords that are both usable and secure remains one of the largest challenges in modern computing. This project investigates an alternative authentication mechanism to the traditional static text-based password. The Algorithmic Challenge/Response Authentication System (ACRAS) is a single-factor, one-time-password system based on the accurate recognition and interpretation of user-defined graphic characteristics within a set of challenge graphics. There is broad consensus that the human mind excels at graphic recognition and cued recall when compared to the abstract rote memorization of a complex string of text. ACRAS leverages this innate ability of the human mind, providing a framework for system users to define a set of rules for the recognition and processing of select characteristics of graphic challenges. Application of these easily recalled rules deterministically generates a one-time-password string that depends on the session's randomly selected set of challenge graphics. As a one-time-password system, ACRAS is inherently resistant to some of the more common attacks on traditional authentication systems and suggests increased protection against others compared with these static systems. A series of user experiments has been conducted with an ACRAS prototype to gauge usability and overall user impression of the system.