Eiji Hayashi, Bryan Pendleton, Fatih Kursat Ozenc, and Jason Hong

ACM Conference on Human Factors in Computing Systems (CHI)

May 2012

Passwords are the most common authentication scheme today. However, it is difficult for people to memorize strong passwords, such as random sequences of characters. Additionally, passwords do not provide protection against phishing attacks. This paper introduces WebTicket, a low cost, easy-to-use and reliable web account management system that uses “tickets”, which are tokens that contain a two-dimensional barcode that can be printed or stored on smartphones. Users can log into accounts by presenting the barcodes to webcams connected to computers. Through two lab studies and one field study consisting of 59 participants in total, we found that WebTicket can provide reliable authentication and phishing resilience.

authentication, password, usable privacy and security