An Investigation of Social Engineering Techniques towards Graphical Password Authentication
Summary: Social engineering is considered one of the main ways of breaking information security. It is a means of obtaining unauthorized information and penetrating accounts through non-technical methods that rely on the hacker's skill in deceiving and persuading others to give up as much information as possible. Social engineering techniques are considered the most widely used means of attacking and stealing information all over the world, so it is becoming necessary to study this kind of attack and to find methods, such as graphical passwords, that protect information from it. A graphical password is an authentication system that works by having the user select from images, in a specific order, presented in a graphical user interface (GUI); for this reason the graphical password approach is sometimes called graphical user authentication (GUA). There are three graphical password types: choice-based, click-based and draw-based. A traditional password, on the other hand, is a secret word or string of characters used for the user's authentication and identity to gain access to resources. The objectives of this study are to thoroughly explain social engineering attack methods, to classify them based on the weaknesses, and to compare their impact on graphical and traditional passwords by referring to the existing literature. In addition, the thesis presents a study conducted to compare graphical password types (click-based and choice-based) with respect to password guessing, a branch of social engineering methods. An extensive literature search was conducted to achieve the first and second objectives.

For the third objective, a survey was conducted by distributing a questionnaire to 50 participants. The collected data were analysed with SPSS. The results show that traditional passwords are easy to attack by all kinds of attacks, while graphical passwords are difficult to penetrate in comparison to traditional passwords. Moreover, choice-based graphical passwords resist the attacks better than click-based graphical passwords, as the number of participants who correctly guessed the choice-based password is less than for the click-based graphical password.