This appendix shows that H-IBAS-H is functional and operates well in both of its modes: the pre-set mode and the flexible mode.

20.1 Preset mode

This section explores the pre-set mode, which is the mode used in the one-time experiment and then in the 4-week experiment.

20.1.1 Admin settings:

1.      Go to the H-IBAS-H website which is: www.oman4ever.org

2.      The H-IBAS-H front page appears as shown below:

[Screenshot: H-IBAS-H front page]

3.      If you are the H-IBAS-H administrator, please click on “Admin Login” shown under the “Services” tab.

4.      The ‘admin login page’ appears, please enter your username and password and then click “Submit”:

Currently, the username is set to: “admin”

And the password is set to: “admin1ws”

[Screenshot: admin login page]

5.      Provided that the username and the password entered are valid, the admin settings page appears as shown below:

[Screenshot: admin settings page]

As shown in the screenshot above, the admin can force the users to select a certain number of pass-images, go through at least a certain number of training rounds and can also force them to go through a certain number of login rounds.

The currently-set policy as determined by the H-IBAS-H administrator in the screenshot above is as follows:

1.      Users must select exactly 4 pass-images.

2.      Users must go through exactly 4 login-rounds.

3.      Users must successfully complete at least 2 training rounds. (After the successful completion of the 2 training rounds, users are free to either save their details with the system or continue training.)

As also shown in the screenshot above, the H-IBAS-H administrator can also do the following:

·         View the currently registered users with H-IBAS-H.

·         Lock users’ accounts, by clicking on:

·         Unlock users’ accounts, if they are locked, by clicking on:

·         Reset users’ pass-images, in case they have forgotten them for example, by clicking on:

Naturally, the H-IBAS-H administrator can change their username or their password either indirectly through the H-IBAS-H interface or directly in the H-IBAS-H database.

For the specified authentication policy (for example, the one shown above, which is again 4 pass-images, 4 login rounds and at least 2 training rounds) to be applicable and effective with H-IBAS-H, the H-IBAS-H administrator must tick the box shown on the right of “Use authentication Criteria” and then click “Submit”. See below:

To enforce a particular authentication policy, after setting the desired parameters, first tick the “Use authentication Criteria” box, and then click on “Submit”.

 

Upon clicking on “Submit”, H-IBAS-H displays a new page informing the administrator that their set policy has been applied:

[Screenshot: authentication criteria changed]

Then, the H-IBAS-H administrator can log out of their admin page by clicking on the logout link shown under the “Services” tab.

 

20.1.2 The registration stage

 

  1. Kindly visit the H-IBAS-H website: www.oman4ever.org

We are assuming that you are a new user. If you are an existing user, please proceed to the login stage.

1.      Please click on “New User” from:

As soon as “New User” is clicked, the registration page, shown below, appears:

[Screenshot callout: Note: Control is disabled]

You are advised to select your 4 pass-images before you fill in your details. If you are not happy with the current set of images, please feel free to click on “Reload”, or just press F5 or refresh the page, and new images will be displayed as shown below:

You can refresh the page as many times as you wish and you can also click on the reload button as many times as you like until you feel ready to choose your 4 images.

Please note that your 4 pass-images must be selected from the same page. This implies that you cannot, for example, choose 2 images and then refresh the page to select the remaining two from a different page.

2.      Please choose the 4 images by clicking on the tick box that belongs to each image. An example of this is shown below:  

3.      Next, please fill in your details. Please make sure that you fill in all the boxes that are labelled with.  In our scenario, the details are filled in as shown below:

Please try to come up with a username that you think is unique.

Before you proceed to the “” button, please make sure that:

*      You have filled in all the boxes.

*      You have selected exactly 4 pass-images.

4.      Then, please click on the “” button to proceed to your first training round.  In this policy, there are two training rounds that must be successfully completed:

 

5.      As soon as the “” button is clicked, H-IBAS-H will conduct three checks:

 

A.    H-IBAS-H will check to see whether you have filled in all the boxes.

B.      H-IBAS-H will check to see whether you have selected 4 pass-images.

C.    H-IBAS-H will check to see whether the username you have entered is being used by another user.

If any of the above checks are found to be negative, H-IBAS-H will ask you either to ensure that you have filled in all the boxes or to re-input a new user name, or to re-choose 4 pass-images exactly!

However, if the above checks are found to be positive, then H-IBAS-H will forward you to the first training round as shown below:

Please note that there are 2 training rounds to be successfully completed as set by the H-IBAS-H administrator. The purpose of the training rounds is to get you familiar with the 4 pass-images that you have selected. In a way, they act as a confirmation of your 4 pass-images. Similarly, if you were to choose a new text-based password, you would be asked to confirm it by re-typing it.

6.      Please note that each training round displays 21 images, 4 of which are your pass-images that you have selected in step 2. You are required to recognise your 4 pass-images by ticking the boxes that belong to them as shown below:

7.      If you are sure that the images that you have just selected are the pass-images that you selected in step 2, then please click on:.

8.      As soon as “ ” is clicked, H-IBAS-H will check to see if the images that you have selected are actually your images. If the check is positive, then H-IBAS-H will inform you that. However, if you have selected incorrect images, i.e. images that are not your pass-images or didn’t select any images at all, then H-IBAS-H will also tell you that.

So, let’s click on , and see whether we have passed the first training round:

As can be seen from the above screenshot, H-IBAS-H informs us that we have selected the correct images.

9.      H-IBAS-H also tells us that there is 1 more training round to conduct. Therefore, let’s click on “ ” to proceed to the second round:

We know that our 4 pass-images are there somewhere, and we are required again to identify them: (Please note that H-IBAS-H changes the locations where the pass-images are placed.)

We are fairly sure that the images that we have selected are the correct images, therefore, let’s click on “ ” to find out whether we are successful:

 As can be seen from the above screenshot, H-IBAS-H informs us that we have selected the correct images. H-IBAS-H offers us two options, if we want to keep on training, then we need to click on “ ” in .

However, if we would like to complete our registration, then we need to click on “ ” in .

Let’s have another training round, thus we need to click on “ ” in :

 

Then, let’s make a mistake to see how H-IBAS-H would react:

And let’s click on: .

This time, H-IBAS-H tells us that we have failed to correctly identify our 4 pass-images. H-IBAS-H is clever! Anyway, H-IBAS-H now offers 2 options:

If we want to try again, then we need to click on  in .

However, if we feel that there is absolutely no way that we can correctly recognise our 4 pass-images, then we can go back and choose different ones by clicking on:  in .

For the sake of setting an example, let’s assume that we would like to select new images, so let’s click on:  in , and the registration page appears again:

[Screenshot callout: Note that H-IBAS-H keeps our details]


We can of course refresh the page to get new images, but we are happy with the current set of images, so let’s choose 4 images as shown below:

And let’s click on: .

 

After the system checking, H-IBAS-H forwards us to the first training round as shown below:

 

Our 4 pass-images are shown in this round, so let’s select them:

And let’s click on: .

H-IBAS-H informs us whether we have selected the correct images as shown below:

As H-IBAS-H tells us, we selected the correct 4 images in the previous round, and we still have one more round to go through.

Thus, let’s click on “ ” to proceed to the second round:

 

And now let’s tick our 4 images:

And let’s click on: .

And H-IBAS-H tells us, as shown below, that we have chosen the correct images:

H-IBAS-H offers us two options, if we want to keep on training, then we need to click on “ ” in .

However, if we would like to complete our registration, then we need to click on “ ” in .

This time, let’s just complete our registration, thus let’s tick “ ” in .

H-IBAS-H thanks us for registering with it as shown in the screenshot below:

The screenshot officially informs us that we have now registered with H-IBAS-H.  What this technically means is that our details have now been saved in the database.

20.1.3 Login stage

Please note that, in this particular authentication policy, as determined by the H-IBAS-H administrator, the login stage is made up of 4 login rounds.  Our 4 pass-images are randomly distributed over these 4 rounds, so let’s find them.

Having successfully registered with H-IBAS-H, we can now log in to the system by clicking on  from:

As soon as “ ” is clicked, the following page appears:

Let’s type in our username:

And then, let’s click on the  button to get to the first login round. Please note that H-IBAS-H will check to see whether the username we have entered is a valid username, i.e. whether it exists in H-IBAS-H. If the check is negative, then H-IBAS-H will tell us that and will ask us to re-enter our correct username. If the check is, however, positive, then we get our first login round as shown below:

 Please note that we are not told if this particular round includes any pass-images. But we know that if we conclude that it does not include any pass-images, then we need to tick the box.

However, if we conclude that there is(are) pass-image(s), then we need to tick them. However, we are not told the number of pass-images included in this stage, so it could be 0, or 1 or 2 or 3 or 4.

Let’s see, we think that there is one pass-image shown here, so let’s tick it:

 

As we cannot see any other of our pass-images, let’s click on  to get to the second login round:

 

We know that we have got 3 pass-images left, so let’s see if any of the remaining three are here:

Yes, we can see 2 pass-images there, so let’s tick them:

Let’s now click on the button to get to the third login round:

We know that we have got only 1 pass-image left, is it displayed here? Nooo! So, let’s tick the box, as shown below:

And let’s now click on the “ ” button to get to the fourth and last round. (It is common sense that since we know that we only have 1 pass-image left, and it is not in the third round, then it must be in the fourth round; let’s not forget that the fourth round is the last round. Since we are only guessing, let’s see anyway:)

Yes we are right! The remaining pass-image is indeed displayed in this round, so let’s tick it:

And let’s now click on the  button to see whether we have been successful in identifying our 4 pass-images:

Yes, we have passed our login stage!
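The login stage described above, as an added Python sketch that is not H-IBAS-H's own code: pass-images are scattered over the login rounds, each round is padded with decoys, and the answers are judged only after the last round. The 21 images per login round, the NONE marker for the "none" tick box and all image ids are assumptions made for illustration; `guess_space` goes slightly beyond the text by counting the possible complete answers for a given policy.

```python
import math
import secrets

IMAGES_PER_ROUND = 21   # assumption: login rounds show 21 images, like the training rounds
NONE_BOX = "NONE"       # hypothetical id for the "none of my pass-images is here" tick box

_rng = secrets.SystemRandom()   # OS CSPRNG, so the layout cannot be predicted


def build_login_rounds(pass_images, decoy_pool, n_rounds):
    """Scatter the pass-images over n_rounds; any round may end up with 0..k of them."""
    secret = set(pass_images)
    rounds = [[] for _ in range(n_rounds)]
    for image in secret:
        rounds[_rng.randrange(n_rounds)].append(image)
    decoys = [d for d in set(decoy_pool) if d not in secret]
    needed = n_rounds * IMAGES_PER_ROUND - len(secret)
    if needed > len(decoys):
        raise ValueError("decoy pool too small")
    fill = _rng.sample(decoys, needed)      # each decoy is shown at most once
    for shown in rounds:
        while len(shown) < IMAGES_PER_ROUND:
            shown.append(fill.pop())
        _rng.shuffle(shown)                 # pass-image positions change on every login
    return rounds


def expected_answers(rounds, pass_images):
    """What a user who knows the pass-images should tick in each round."""
    secret = set(pass_images)
    return [(secret & set(shown)) or {NONE_BOX} for shown in rounds]


def verify_login(rounds, pass_images, answers):
    """Judge all rounds together and return one pass/fail for the whole stage.

    No per-round result is produced: confirming a single round would reveal
    which rounds contain pass-images.
    """
    if len(answers) != len(rounds):
        return False
    ok = True
    for want, ticked in zip(expected_answers(rounds, pass_images), answers):
        ok &= (set(ticked) == want)         # keep checking after a mismatch
    return ok


def guess_space(n_pass_images, n_rounds):
    """Complete answers open to someone who knows only the policy.

    Assumes the number of pass-images is known and that leaving a round
    empty is the same as ticking its "none" box.
    """
    return math.comb(n_rounds * IMAGES_PER_ROUND, n_pass_images)


if __name__ == "__main__":
    # Constructed sample data: four pass-images and a pool of decoy ids.
    mine = ["img-a", "img-b", "img-c", "img-d"]
    pool = ["decoy-%03d" % i for i in range(200)]
    rounds = build_login_rounds(mine, pool, 4)
    print(verify_login(rounds, mine, expected_answers(rounds, mine)))
    print(guess_space(4, 4), guess_space(2, 2))
```

With the pre-set policy (4 pass-images, 4 rounds) the count is far larger than with the smallest flexible-mode choice walked through later (2 pass-images, 2 rounds), which is why the attempt limit of section 20.5 matters most for the latter.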

 

 

20.2 Changing Pass-images

 Since we are now inside our account, we can change our pass-images if we wish by clicking on from  

This will take us back to the registration stage, where a set of 21 random images is displayed as shown below:

H-IBAS-H already knows our details so there is no need to re-input them. Since this is the pre-set mode, we MUST select 4 images since the H-IBAS-H administrator has set the system to work with 4 images and since our account uses 4 images. Let’s try to select 3 only and see what happens:

H-IBAS-H refuses to service us and tells us that we need to enter a valid number of images, i.e. 4 images:

As usual, we can refresh the page to get new images, so let’s do a refresh:

And now let’s select 4 images exactly:

 

Please note that H-IBAS-H does not show any of our previous pass-images for security reasons.

Let’s click on the “” button to proceed to our first training round.

Before we are taken to our first round, H-IBAS-H checks whether we have selected exactly 4 images or not. Since we have selected 4 images, H-IBAS-H forwards us to our first training round. Let’s tick our 4 images in the first training round:

So, let’s click on , and see whether we have passed the first training round:

 As can be seen from the above screenshot, H-IBAS-H informs us that we have selected the correct images.

H-IBAS-H also tells us that there is 1 more training round to conduct. Therefore, let’s click on “ ” to proceed to the second round, and let’s select our 4 images as shown below:

And let’s click on: .

And H-IBAS-H tells us, as shown below, that we have chosen the correct images:

H-IBAS-H offers us two options, if we want to keep on training, then we need to click on “ ” in .

However, if we would like to complete, then we need to click on “ ” in .

Let’s just complete our changing pass-images process, and thus let’s tick “ ” in .

And H-IBAS-H, as shown below, informs us that our pass-images have been changed successfully:

Now to log in, we need to use our new images as briefly shown below:

 


And we are in our account:

Okay, we can always change our pass-images… but this time, let’s simply log out by clicking on . If we log out, we go back to our home page:

Thanks for using H-IBAS-H.

20.3 Flexible mode

This part explores the flexible mode, which is the mode used as a partial experiment in week 4 of the 4-week experiment.

20.3.1 Admin settings

1.      Go to the H-IBAS-H website which is: www.oman4ever.org

2.      The H-IBAS-H front page appears as shown below:

[Screenshot: H-IBAS-H front page]

3.      If you are the H-IBAS-H administrator, please click on “Admin Login” shown under the “Services” tab:

4.      The ‘admin login page’ appears, please enter your username and password and then click “Submit”:

Currently, the username is set to: “admin”

And the password is set to: “admin1ws”

[Screenshot: admin login page]

5.      Provided that the username and the password entered are valid, the admin settings page appears as shown below:

[Screenshot: admin settings page]

As shown in the screenshot above, the current H-IBAS-H settings force the users to select 4 pass-images, go through at least 2 training rounds and force them to go through 4 login rounds.

To flush all these settings, so that users get to choose what number of pass-images they would like to use and what number of training and login rounds they would like to go through, the tick box located on the right of “Use authentication criteria” needs to be un-ticked.

In other words, to enforce the flexible mode policy, first un-tick the “Use authentication criteria” box, and then click on:

Upon clicking on , H-IBAS-H displays a new page informing the administrator that their set policy has been applied:

[Screenshot: authentication criteria changed]

Then, the H-IBAS-H administrator can log out of their admin page by clicking on the logout link shown under the “Services” tab.

20.3.2 The registration stage

 

  1. Kindly visit the H-IBAS-H website: www.oman4ever.org

We are assuming that you are a new user. If you are an existing user, please proceed to the login stage.

1.      Please click on “New User” from the front page:

As soon as “New User” is clicked, the registration page, shown below, appears:

[Screenshot callout: Note: Control is enabled]

 

 

You are advised to select your pass-images before you fill in your other details. If you are not happy with the current set of images, please feel free to click on “Reload”, or just press F5 or refresh the page, and new images will be displayed as shown below:

You can refresh the page as many times as you wish and you can also click on the reload button as many times as you like until you feel ready to choose your pass-images.

Please note that your pass-images must be selected from the same page. This implies that you cannot, for example, choose 2 images and then refresh the page to select the other two from a different page.

Please select any number of pass-images between and including 2 and 21. For security reasons, you are not allowed to select just a single pass-image. Obviously, you cannot go beyond 21 images since the registration page only offers 21.  If, however, you would like to select more than 21, don’t worry: with H-IBAS-H, everything is possible; just contact the H-IBAS-H administrator. His contact details are shown on the H-IBAS-H website.

2.      Please choose the images by clicking on the tick box that belongs to each image. Assuming that you would select 2 pass-images only, the following example illustrates the operation:  

3.      Next, please fill in your details. Please make sure that you fill in all the boxes that are labelled with.  In our scenario, the details are filled in as shown below:

Please input a valid e-mail address. While you are entering your e-mail, H-IBAS-H requires you to enter a valid e-mail address. H-IBAS-H will not allow you to proceed if the e-mail address you have entered does not meet the standard e-mail address format. This is because the e-mail address is significant: if your account gets locked or you forget your pass-images, H-IBAS-H will send you an e-mail that will help you to either unlock your account or reset your pass-images.

Please try to come up with a username that you think is unique.

4. Please select the number of the login rounds that you would like to go through from the following:

For security reasons, you are allowed to choose a single login round. If you would like to select more than 5, don’t worry, H-IBAS-H can do that; just contact the H-IBAS-H administrator. His contact details are shown on the H-IBAS-H website.

Before you proceed to the “” button, please make sure that:

*      You have filled in all the boxes.

*      You have selected at least 2 pass-images.

4.      Then, please click on the “” button to proceed to your first training round.  In the flexible mode, H-IBAS-H only requires you to successfully complete one training round. Then after that, you are free to either save your details to complete your registration stage or to train more. With H-IBAS-H, you can train as many times as you like!

 

5.      As soon as the “” button is clicked, H-IBAS-H will conduct three checks:

 

A.    H-IBAS-H will check to see whether you have filled in all the boxes.

B.      H-IBAS-H will check to see whether you have selected at least 2 pass-images.

C.    H-IBAS-H will check to see whether the username you have entered is being used by another user.

If any of the above checks are found to be negative, H-IBAS-H will ask you either to ensure that you have filled in all the boxes or to re-input a new user name, or to re-choose at least 2 pass-images. H-IBAS-H will complain about the pass-images only if you have selected a single image or if you have not selected any image at all.

However, if the above checks are found to be positive, then H-IBAS-H will forward you to the first training round as shown below:

Please note that there is only 1 training round that needs to be successfully completed as set by the H-IBAS-H administrator. The purpose of the training round is to get you familiar with the pass-images that you have selected. In a way, they act as a confirmation of your 4 pass-images. Similarly, if you were to choose a new text-based password, you would be asked to confirm it by re-typing it.

6.      Please note that each training round displays 21 images, 2 of which are your pass-images that you have selected in step 2. You are required to recognise your 2 pass-images by ticking the boxes that belong to them as shown below:

7.      If you are sure that the images that you have just selected are the pass-images that you selected in step 2, then please click on:.

8.      As soon as “ ” is clicked, H-IBAS-H will check to see if the images that you have selected are actually your images. If the check is positive, then H-IBAS-H will inform you that. However, if you have selected incorrect images, i.e. images that are not your pass-images or didn’t select any images at all, then H-IBAS-H will also tell you that.

So, let’s click on , and see whether we have passed the first training round:

 As can be seen from the above screenshot, H-IBAS-H informs us that we have selected the correct images. H-IBAS-H offers us two options, if we want to keep on training, then we need to click on “ ” in .

However, if we would like to complete our registration, then we need to click on “ ” in .

This time, let’s just complete our registration, thus let’s tick “ ” in .

H-IBAS-H thanks us for registering with it as shown in the screenshot below:

The screenshot officially informs us that we have now registered with H-IBAS-H.  What this technically means is that our details have now been saved in the database.

 

 

20.3.3 Login stage

Please note that, in this particular authentication policy, as determined by the H-IBAS-H administrator, the login stage is made up of 4 login rounds.  Our 4 pass-images are randomly distributed over these 4 rounds, so let’s find them.

Having successfully registered with H-IBAS-H, we can now log in to the system by clicking on  from:

As soon as “ ” is clicked, the following page appears:

Let’s type in our username:

And then, let’s click on the  button to get to the first login round. Please note that H-IBAS-H will check to see whether the username we have entered is a valid username, i.e. whether it exists in H-IBAS-H. If the check is negative, then H-IBAS-H will tell us that and will ask us to re-enter our correct username. If the check is, however, positive, then we get our first login round as shown below:

Please note that we are not told if this particular round includes any pass-images. But we know that if we conclude that it does not include any pass-images, then we need to tick the box.

However, if we conclude that there is(are) pass-image(s), then we need to tick them. However, we are not told the number of pass-images included in this stage, so it could be 0, or 1 or 2.

Let’s see, we think that both of our pass-images are shown here, so let’s tick them:

 

Then, let’s click on  to get to the second login round:

We know that we have none of our 2 pass-images left, thus this round must include none of our pass-images since we have already selected them.

Therefore, let’s tick the box.

And let’s now click on the  button to see whether we have been successful in identifying our 2 pass-images:

Yes, we have passed our login stage! Since we are now inside our account, we can either change our pass-images if we wish by clicking on  from , or we can simply log out by clicking on . If we log out, we go back to our home page:

Thanks for using H-IBAS-H.

 

 

20.4. Forgetting the pass-images

At the registration time, a valid e-mail address was entered as shown below:

 

H-IBAS-H actually forces the user to enter a valid email address format!

 

If a user forgot their pass-images, H-IBAS-H is friendly enough that it offers them two methods to recover their pass-images:

1)      Either they request an email to be sent to them by the use of “Forgot Pass Images” feature…

2)      Or they can simply see their administrator.

 

 

20.4.1. Method 1:

1. They click on the “Forgot your Pass Images” link:

2. H-IBAS-H asks them to enter their username as shown below:

 

 


3. The user clicks on Send Email.

 

4. H-IBAS-H informs them that an e-mail has been sent to them:

 

5. The student checks their e-mail:

(Please check your junk e-mail if you don’t see the H-IBAS-H e-mail)

 

6. The student/user opens the email:

 

 

 

 

7. The student clicks on the link:

(Please note the code is encrypted)

 

 

 

8. The student is enabled to change their pass-images:

 

 

9. Since the student created their account in the flexible mode, they can select any number of pass-images between and including 2 and 21.

10. H-IBAS-H forwards the user to the training stage:

 

11. As shown above, the student selects their pass-images and clicks “submit”!

 

 

12. The student saves their details and H-IBAS-H tells the student that their pass-images have been changed:

13. As shown by the screenshots below, the student can now log in to their account using their new images: (Since their account originally uses 2 login rounds, they only have to go through 2 login rounds.)

 

 

14. And if authentication is successful, H-IBAS-H welcomes you as shown below:

 

 

20.5. Locking users

If the user fails at the first login attempt, H-IBAS-H displays this message:

If the user fails at the second login attempt, H-IBAS-H displays this message:

If the user fails at the third login attempt, H-IBAS-H displays this message:

If the user tries to log in for the fourth consecutive attempt, H-IBAS-H displays this message:

The ‘legitimate’ user can then check their e-mail address, the one they provided H-IBAS-H with at registration time. Upon checking their e-mail, the user will see this e-mail from H-IBAS-H:

 

 

And the user opens the email to see this:

As the instructions say, the user clicks on the provided ‘encrypted’ link:

http://www.oman4ever.org/changePassImages.jsp?code=1TIhUwWWyp4%3D

Before their account is unlocked, H-IBAS-H forces users to change their pass-images to maximise security. Thus, upon the clicking of that link, H-IBAS-H forwards the users to change their pass-images:

None of the offered images are from the user’s previous images.

The user, as explained in the relevant section, selects the new images and then goes through the training phase, and then their account is unlocked.
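One way to implement the lock-and-recover flow of this section (and the e-mailed link of section 20.4), added here as a Python sketch and not taken from H-IBAS-H. The page only says the link's code is 'encrypted'; this sketch instead uses a random, single-use, expiring code, and the one-hour lifetime, the class and function names and the moment the e-mail is sent are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 3    # from the page: the fourth consecutive attempt meets a locked account
TOKEN_TTL = 3600    # assumption: an e-mailed code is valid for one hour


class Account:
    def __init__(self, username, email, pass_images):
        self.username = username
        self.email = email
        self.pass_images = set(pass_images)
        self.failures = 0
        self.locked = False
        self.token_hash = None      # only a hash of the e-mailed code is stored
        self.token_expiry = 0.0
        self.reset_open = False     # True between redeeming the link and saving new images


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_code(acct, now=None):
    """Create the value for the e-mailed link's code parameter."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # random, carries no account data
    acct.token_hash = _digest(token)
    acct.token_expiry = now + TOKEN_TTL
    return token


def record_login(acct, success, send_mail, now=None):
    """Count consecutive failures; lock and e-mail a code on the third one."""
    if acct.locked:
        return "locked"
    if success:
        acct.failures = 0
        return "ok"
    acct.failures += 1
    if acct.failures >= MAX_FAILURES:
        acct.locked = True
        send_mail(acct.email, issue_reset_code(acct, now))
    return "failed"


def redeem_reset_code(acct, token, now=None):
    """Accept the code once and before expiry; this opens the change step."""
    now = time.time() if now is None else now
    if acct.token_hash is None or now > acct.token_expiry:
        return False
    if not hmac.compare_digest(acct.token_hash, _digest(token)):
        return False
    acct.token_hash = None              # single use
    acct.reset_open = True
    return True


def save_new_pass_images(acct, new_images):
    """Finish the reset (training rounds omitted here), then unlock."""
    new_images = set(new_images)
    # At least 2 images (flexible-mode minimum) and none of the old ones.
    if not acct.reset_open or len(new_images) < 2 or new_images & acct.pass_images:
        return False
    acct.pass_images = new_images
    acct.failures = 0
    acct.locked = False
    acct.reset_open = False
    return True
```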

 

 

 

 

 

 

Another way through which the legitimate user can get their account unlocked is by contacting the H-IBAS-H administrator, who can either send the legitimate user an e-mail or unlock the account for them straight away if the user has forgotten their pass-images! The H-IBAS-H administrator would advise the legitimate user to change their pass-images as soon as they have successfully logged in.

As shown in the screenshot below, the admin clicks on the Unlock link to unlock the account of the user ece50148148:

And the user ece50148148 can now log in to their account, as shown below:

Since the user ece50148148 is now in their account, they can change their pass-images as advised by their administrator!

20.6. Checking for a valid (format of) email address

[Screenshot callout: Invalid]

As shown in the screen above, H-IBAS-H does not accept “test” as a valid address.

[Screenshot callout: Invalid]

As shown in the screen above, H-IBAS-H does not accept “test@” as a valid address.

[Screenshot callout: Invalid]

As shown in the screen above, H-IBAS-H does not accept “test.” as a valid address.

[Screenshot callout: Invalid]

As shown in the screen above, H-IBAS-H does not accept “test@.” as a valid address.

[Screenshot callout: Invalid]

As shown in the screen above, H-IBAS-H does not accept “test@com.” as a valid address.

[Screenshot callout: Invalid]

As shown in the screen above, H-IBAS-H does not accept “test@.c” as a valid address.

[Screenshot callout: Invalid]

As shown in the screen above, H-IBAS-H does not accept “test@.com” as a valid address.

[Screenshot callout: Valid]

As shown in the screen above, H-IBAS-H does not accept “test@@om.com” as a valid address.

And finally,

[Screenshot callout: Valid]

H-IBAS-H accepts “ece50148@port.ac.uk”

[Screenshot callout: Valid]

And H-IBAS-H also accepts “ece50148@hotmail.com”
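A format check that reproduces the accept/reject outcomes listed in this section, added as a Python sketch rather than H-IBAS-H's actual validator, whose rules the page does not give. The rules and names below are assumptions, and passing the check says nothing about who controls the mailbox that later receives the unlock and reset e-mails.

```python
import re

# Assumed rules, chosen so that the cases listed in this section come out the same way.
ATOM = re.compile(r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+")
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def email_format_error(address):
    """Return None when the address is well-formed, otherwise a short reason."""
    if len(address) > 254:
        return "too long"
    if address.count("@") != 1:
        return "need exactly one @"
    local, domain = address.split("@")
    if not 1 <= len(local) <= 64:
        return "bad local-part length"
    # Dot-separated atoms: rejects leading, trailing and doubled dots.
    if not all(ATOM.fullmatch(atom) for atom in local.split(".")):
        return "bad local part"
    labels = domain.split(".")
    if len(labels) < 2:
        return "domain needs a dot"
    # An empty label is what "test@.com" and "test@com." produce.
    if not all(LABEL.fullmatch(label) for label in labels):
        return "empty or malformed domain label"
    if not (labels[-1].isalpha() and len(labels[-1]) >= 2):
        return "bad top-level domain"
    return None


# Inputs and outcomes as stated in the text of this section (True = accepted).
PAGE_CASES = {
    "test": False,
    "test@": False,
    "test.": False,
    "test@.": False,
    "test@com.": False,
    "test@.c": False,
    "test@.com": False,
    "test@@om.com": False,
    "ece50148@port.ac.uk": True,
    "ece50148@hotmail.com": True,
}


def run_page_cases():
    """Apply the check to every listed address and report accept/reject."""
    return {addr: email_format_error(addr) is None for addr in PAGE_CASES}


if __name__ == "__main__":
    for addr, accepted in run_page_cases().items():
        print(addr, "accepted" if accepted else email_format_error(addr))
```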