ABSTRACT
We performed a systematic evaluation of the shoulder surfing susceptibility of the Android pattern (un)lock. The results of an online study (n=298) enabled us to quantify the influence of pattern length, line visibility, number of knight moves, number of overlaps and number of intersections on observation resistance. The results show that all parameters have a highly significant influence, with line visibility and pattern length being most important. We discuss implications for real-world patterns and present a linear regression model that can predict the observability of a given pattern. The model can be used to provide proactive security measurements for (un)lock patterns, in analogy to password meters.
Index Terms
- Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)lock Patterns