Article

Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method

Authors:

Panagiotis Andriotis,

George OikonomouAuthors Info & Claims

Proceedings of the Second International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 8533

Pages 115 - 126

https://doi.org/10.1007/978-3-319-07620-1_11

Published: 22 June 2014 Publication History

Abstract

One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanism's design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock.

References

[1]

Andriotis, P., Tryfonas, T., Oikonomou, G., Yildiz, C.: A pilot study on the security of pattern screen-lock methods and soft side channel attacks. In: 6th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2013, pp. 1—6. ACM (2013)

Digital Library

[2]

Askoxylakis, I.G., Kastanis, D.D., Traganitis, A.: Elliptic curve and password based dynamic key agreement in wireless ad-hoc networks. In: Communication, Network, and Information Security, pp. 50—60 (2006)

[3]

Aviv, A.J., Gibson, K., Mossop, E., Blaze, M., Smith, J.M.: Smudge attacks on smartphone touch screens. In: 4th USENIX Conference on Offensive Technologies, pp. 1—7. USENIX Association (2010)

Digital Library

[4]

Biddle, R., Chiasson, S., Van Oorschot, P.C.: Graphical passwords: Learning from the first twelve years. ACM Computing Surveysä44(4), 1—41 (2012)

Digital Library

[5]

Bonneau, J.: The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: 2012 IEEE Symposium Security and Privacy (SP), pp. 538—552. IEEE (2012)

Digital Library

[6]

Brostoff, S., Sasse, A.: Are Passfaces More Usable Than Passwords? A Field Trial Investigation. In: People and Computers XIV Usability or Else!. Springer, London (2000)

[7]

Davis, D., Monrose, F., Reiter, M.: On user choice in graphical password schemes. In: USENIX Assosiation Proceedings of the 13th USENIX Security Symposium, pp. 151—163. USENIX Association (2004)

Digital Library

[8]

Jermyn, I., Mayer, A., Monrose, F., Reiter, M.K., Rubin, A.D.: The Design and Analysis of Graphical Passwords. In: 8th USENIX Security Symposium, pp. 1—14 (1999)

Digital Library

[9]

Passfaces Corporation.: The Science Behind Passfaces. White paper, http://www.passfaces.com/enterprise/resources/white_papers.htm

[10]

Solar Designer. John the Ripper, http://www.openwall.com/john/

[11]

van Oorschot, P.C., Thorpe, J.: Exploiting Predictability in Click-based Graphical Passwords. Journal of Computer Securityä19(4), 669—702 (2011)

Digital Library

[12]

van Oorschot, P.C., Thorpe, J.: On predictive models and user-drawn graphical passwords. ACM Trans. Inf. Syst. Secur.ä10(4), 5:1—5:33 (2008)

Digital Library

[13]

Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the 'weakest link' - a human/computer interaction approach to usable and effective security. BT Technology Journalä19(3), 122—131 (2001)

Digital Library

[14]

Standing, L., Conezio, J., Haber, R.N.: Perception and Memory for Pictures: Single-trial Learning of 2500 Visual Stimuli. Psychonomic Scienceä19(2), 73—74 (1970)

[15]

Tao, H., Adams, C.: Pass-Go: A Proposal to Improve the Usability of Graphical Passwords. International Journal of Network Securityä7(2), 273—292 (2008)

[16]

Thorpe, J., van Oorschot, P.C.: Human-seeded attacks and exploiting hot-spots in graphical passwords. In: USENIX Assosiation Proceedings of the 16th USENIX Security Symposium, pp. 103—118. USENIX Association (2007)

Digital Library

[17]

Uellenbeck, S., Dürmuth, M., Wolf, C., Holz, T.: Quantifying the security of graphical passwords: the case of android unlock patterns. In: 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 161——172. ACM (2013)

Digital Library

Cited By

Korkes EMunyendo CIsaac AHennemann VAviv A(2024)"I'm going to try her birthday": Investigating How Friends Guess Each Other's Smartphone Unlock PINs in the LabProceedings of the 2024 European Symposium on Usable Security10.1145/3688459.3688461(220-234)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3688459.3688461
Sekiguchi SKato SNishikawa YShizuki B(2024)Authentication Method Using Opening GesturesHCI for Cybersecurity, Privacy and Trust10.1007/978-3-031-61382-1_12(186-203)Online publication date: 29-Jun-2024
https://dl.acm.org/doi/10.1007/978-3-031-61382-1_12
Yi XZhang SPan ZShi LHan FKong YLi HShi Y(2023)Squeez’In: Private Authentication on Smartphones based on Squeezing GesturesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581419(1-15)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581419
Show More Cited By

Recommendations

On the Effectiveness of Pattern Lock Strength Meters: Measuring the Strength of Real World Pattern Locks
CHI '15: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems

We propose an effective pattern lock strength meter to help users choose stronger pattern locks on Android devices. To evaluate the effectiveness of the proposed meter with a real world dataset (i.e., with complete ecological validity), we created an ...
Examining the relationship between security metrics and user ratings of mobile apps: a case study
WAMA 2016: Proceedings of the International Workshop on App Market Analytics

The success or failure of a mobile application (`app') is largely determined by user ratings. Users frequently make their app choices based on the ratings of apps in comparison with similar, often competing apps. Users also expect apps to continually ...
Bittersweet ADB: Attacks and Defenses
ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

Android devices and applications become prevalent and ask for unanticipated capabilities thanks to the increased interests in smartphones and web applications. As a way to use the capabilities not directly available to ordinary users, applications have ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

Proceedings of the Second International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 8533

June 2014

434 pages

ISBN:9783319076195

Editors:
Theo Tryfonas
Cryptography Group, University of Bristol, Bristol, UK
,
Ioannis Askoxylakis
Institute of Computer Science, Foundation for Research and Technology - Hellas (FORTH), Heraklion, Greece

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 22 June 2014

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

29
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Korkes EMunyendo CIsaac AHennemann VAviv A(2024)"I'm going to try her birthday": Investigating How Friends Guess Each Other's Smartphone Unlock PINs in the LabProceedings of the 2024 European Symposium on Usable Security10.1145/3688459.3688461(220-234)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3688459.3688461
Sekiguchi SKato SNishikawa YShizuki B(2024)Authentication Method Using Opening GesturesHCI for Cybersecurity, Privacy and Trust10.1007/978-3-031-61382-1_12(186-203)Online publication date: 29-Jun-2024
https://dl.acm.org/doi/10.1007/978-3-031-61382-1_12
Yi XZhang SPan ZShi LHan FKong YLi HShi Y(2023)Squeez’In: Private Authentication on Smartphones based on Squeezing GesturesProceedings of the 2023 CHI Conference on Human Factors in Computing Systems10.1145/3544548.3581419(1-15)Online publication date: 19-Apr-2023
https://dl.acm.org/doi/10.1145/3544548.3581419
Ogawa MAuernheimer BEndicott-Popovsky BHinrichs RCrosby M(2023)Privacy and Security Perceptions in Augmented Cognition ApplicationsAugmented Cognition10.1007/978-3-031-35017-7_27(429-440)Online publication date: 23-Jul-2023
https://dl.acm.org/doi/10.1007/978-3-031-35017-7_27
Shin HSim SKwon HHwang SLee Y(2022)A new smart smudge attack using CNNInternational Journal of Information Security10.1007/s10207-021-00540-z21:1(25-36)Online publication date: 1-Feb-2022
https://dl.acm.org/doi/10.1007/s10207-021-00540-z
Park LHwang ELee DKwon T(2022)Towards Constructing Consistent Pattern Strength Meters with User’s Visual PerceptionInformation Security and Cryptology – ICISC 202210.1007/978-3-031-29371-9_5(81-99)Online publication date: 30-Nov-2022
https://dl.acm.org/doi/10.1007/978-3-031-29371-9_5
Andriotis PKirby MTakasu A(2022)Bu-Dash: A Universal and Dynamic Graphical Password SchemeHCI for Cybersecurity, Privacy and Trust10.1007/978-3-031-05563-8_14(209-227)Online publication date: 26-Jun-2022
https://dl.acm.org/doi/10.1007/978-3-031-05563-8_14
Munyendo CGrant MMarkert PForman TAviv AChiasson S(2021)Using a blocklist to improve the security of user selection of android patternsProceedings of the Seventeenth USENIX Conference on Usable Privacy and Security10.5555/3563572.3563575(37-55)Online publication date: 9-Aug-2021
https://dl.acm.org/doi/10.5555/3563572.3563575
Samuel RMarkert PAviv ANeamtiu ILipford H(2020)Knock, knock. who's there? on the security of LG's knock codesProceedings of the Sixteenth USENIX Conference on Usable Privacy and Security10.5555/3488905.3488908(37-59)Online publication date: 10-Aug-2020
https://dl.acm.org/doi/10.5555/3488905.3488908
Abdrabou YPfeuffer KKhamis MAlt F(2020)GazeLockPatterns: Comparing Authentication Using Gaze and Touch for Entering Lock PatternsACM Symposium on Eye Tracking Research and Applications10.1145/3379156.3391371(1-6)Online publication date: 2-Jun-2020
https://dl.acm.org/doi/10.1145/3379156.3391371
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Table of Contents