Accession Number:



Investigating Background Pictures for Picture Gesture Authentication

Personal Author(s):

Corporate Author:

Naval Postgraduate School Monterey United States

Report Date:



The military relies heavily on computer systems. Without a strong method of authentication to access these systems, threats to confidentiality,integrity, and availability of government information are likely to be more successful. A recent method of authentication forthe Windows 8 and Windows 10 operating systems is picture gesture authentication PGA, a new approach to entering a password toauthenticate a user during system login. Each PGA password is composed of three gestures that are drawn over a picture chosen bythe user. Strength requirements are set for PGA passwords similarly to text-based passwords. For simplicity, users tend to use shapes,colors, and objects in a picture, called points of interest POI, as guidance when creating each gesture for their password. This conceptprovides an opportunity for potential hackers to make logical password guesses, decreasing the security of PGA. Previous work onPGA security used a proprietary brute-force algorithm to guess passwords based on POIs. We present a similar brute-force algorithmthat is publicly available. We evaluate the efficiency of the new algorithm against various background pictures and propose strengthrequirements to improve the security of PGA.

Descriptive Note:

Technical Report,30 Jun 2016,23 Sep 2016

Supplementary Note:

01 Jan 0001, 01 Jan 0001, Reissued 3 Aug 2017 with corrections to order of in-text source citations. Searched but no prior submission to DTIC.



Subject Categories:

Communities Of Interest:

Modernization Areas:

Distribution Statement:

Approved For Public Release;

File Size: