research-article

SnapApp: Reducing Authentication Overhead with a Time-Constrained Fast Unlock Option

Authors:

Daniel Buschek,

Fabian Hartmann,

Emanuel von Zezschwitz,

Alexander De Luca,

Florian AltAuthors Info & Claims

CHI '16: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems

Pages 3736 - 3747

https://doi.org/10.1145/2858036.2858164

Published: 07 May 2016 Publication History

Abstract

We present SnapApp, a novel unlock concept for mobile devices that reduces authentication overhead with a time-constrained quick-access option. SnapApp provides two unlock methods at once: While PIN entry enables full access to the device, users can also bypass authentication with a short sliding gesture ("Snap"). This grants access for a limited amount of time (e.g. 30 seconds). The device then automatically locks itself upon expiration. Our concept further explores limiting the possible number of Snaps in a row, and configuring blacklists for app use during short access (e.g. to exclude banking apps). We discuss opportunities and challenges of this concept based on a 30-day field study with 18 participants, including data logging and experience sampling methods. Snaps significantly reduced unlock times, and our app was perceived to offer a good tradeoff. Conceptual challenges include, for example, supporting users in configuring their blacklists.

References

[1]

Panagiotis Andriotis, Theo Tryfonas, and George Oikonomou. 2014. Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method. In Human Aspects of Information Security, Privacy, and Trust. Springer, 115--126.

Digital Library

[2]

Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge Attacks on Smartphone Touch Screens. In Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT'10). USENIX Association, Berkeley, CA, USA, 1--7.

Digital Library

[3]

Andrea Bianchi, Ian Oakley, Vassilis Kostakos, and Dong Soo Kwon. 2011. The Phone Lock: Audio and Haptic Shoulder-surfing Resistant PIN Entry Methods for Mobile Devices. In Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction (TEI '11). ACM, NY, NY, USA, 197--200.

Digital Library

[4]

Matthias Böhmer, Brent Hecht, Johannes Schöning, Antonio Krüger, and Gernot Bauer. 2011. Falling Asleep with Angry Birds, Facebook and Kindle: A Large Scale Study on Mobile Application Usage. In Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services (MobileHCI '11). ACM, NY, NY, USA, 47--56.

Digital Library

[5]

Daniel Buschek, Alexander De Luca, and Florian Alt. 2015. Improving Accuracy, Applicability and Usability of Keystroke Biometrics on Mobile Touchscreen Devices. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, NY, NY, USA, 1393--1402.

Digital Library

[6]

Mauro Cherubini and Nuria Oliver. 2009. A Re?ned Experience Sampling Method to Capture Mobile User Experience. In Workshop of Mobile User Experience Research part of CHI'2009, Y. Nakhimovsky, D. Eckles, and J. Rigelsberger (Eds.).

[7]

Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch Me Once and I Know It's You!: Implicit Authentication Based on Touch Screen Patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '12). ACM, NY, NY, USA, 987--996.

Digital Library

[8]

Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner. 2014. Are You Ready to Lock?. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, NY, NY, USA, 750--761.

Digital Library

[9]

Denzil Ferreira, Jorge Goncalves, Vassilis Kostakos, Louise Barkhuus, and Anind K. Dey. 2014. Contextual Experience Sampling of Mobile Application Micro-usage. In Proceedings of the 16th International Conference on Human-computer Interaction with Mobile Devices & Services (MobileHCI '14). ACM, NY, NY, USA, 91--100.

Digital Library

[10]

Arpan Gupta, Markus Miettinen, N. Asokan, and Mate Nagy. 2012. Intuitive security policy configuration in mobile devices using context pro?ling. In 2012 International Conference on Privacy, Security, Risk and Trust (PASSAT) and 2012 International Confernece on Social Computing (SocialCom). IEEE, 471--480.

Digital Library

[11]

Alina Hang, Emanuel von Zezschwitz, Alexander De Luca, and Heinrich Hussmann. 2012. Too Much Information!: User Attitudes Towards Smartphone Sharing. In Proceedings of the 7th Nordic Conference on Human-Computer Interaction: Making Sense Through Design (NordiCHI '12). ACM, NY, NY, USA, 284--287.

Digital Library

[12]

Marian Harbach, Emanuel von Zezschwitz, Andreas Fichtner, Alexander De Luca, and Matthew Smith. 2014. It's a Hard Lock Life: A Field Study of Smartphone (Un) Locking Behavior and Risk Perception. In Symposium on Usable Privacy and Security (SOUPS '14). 213--230.

[13]

Eiji Hayashi, Sauvik Das, Shahriyar Amini, Jason Hong, and Ian Oakley. 2013. CASA: Context-aware Scalable Authentication. In Proceedings of the Ninth Symposium on Usable Privacy and Security (SOUPS '13). ACM, NY, NY, USA, Article 3, 10 pages.

Digital Library

[14]

Eiji Hayashi, Oriana Riva, Karin Strauss, A. J. Bernheim Brush, and Stuart Schechter. 2012. Goldilocks and the Two Mobile Devices: Going Beyond All-or-nothing Access to a Device's Applications. In Proceedings of the Eighth Symposium on Usable Privacy and Security (SOUPS '12). ACM, NY, NY, USA, Article 2, 11 pages.

Digital Library

[15]

Amy K. Karlson, A.J. Bernheim Brush, and Stuart Schechter. 2009. Can I Borrow Your Phone?: Understanding Concerns when Sharing Mobile Phones. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '09). ACM, NY, NY, USA, 1647-1650.

Digital Library

[16]

Taekyoung Kwon and Sarang Na. 2014. TinyLock: Affordable defense against smudge attacks on smartphone pattern lock systems. Computers & Security 42 (2014), 137--150.

[17]

Nicholas Micallef, Mike Just, Lynne Baillie, Martin Halvey, and Hilmi Günes¸ Kayacik. 2015. Why Aren't Users Using Protection? Investigating the Usability of Smartphone Locking. In Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI '15). ACM, NY, NY, USA, 284--294.

Digital Library

[18]

Ildar Muslukhov, Yazan Boshmaf, Cynthia Kuo, Jonathan Lester, and Konstantin Beznosov. 2013. Know Your Enemy: The Risk of Unauthorized Access in Smartphones by Insiders. In Proceedings of the 15th International Conference on Human-computer Interaction with Mobile Devices and Services (MobileHCI '13). ACM, NY, NY, USA, 271--280.

Digital Library

[19]

Stefan Schneegass, Frank Steimle, Andreas Bulling, Florian Alt, and Albrecht Schmidt. 2014. SmudgeSafe: Geometric Image Transformations for Smudge-resistant User Authentication. In Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing (UbiComp '14). ACM, NY, NY, USA, 775--786.

Digital Library

[20]

Julian Seifert, Alexander De Luca, Bettina Conradi, and Heinrich Hussmann. 2010. TreasurePhone: Context-sensitive User Data Protection on Mobile Phones. In Proceedings of the 8th International Conference on Pervasive Computing (Pervasive'10). Springer-Verlag, Berlin, Heidelberg, 130--137.

Digital Library

[21]

Tetsuji Takada and Yuki Kokubun. 2013. Extended PIN Authentication Scheme Allowing Multi-Touch Key Input. In Proceedings of International Conference on Advances in Mobile Computing & Multimedia (MoMM '13). ACM, NY, NY, USA, Article 307, 4 pages.

Digital Library

[22]

Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS '13). ACM, NY, NY, USA, 161--172.

Digital Library

[23]

Emanuel von Zezschwitz, Alexander De Luca, Bruno Brunkow, and Heinrich Hussmann. 2015a. SwiPIN: Fast and Secure PIN-Entry on Smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, NY, NY, USA, 1403--1406.

Digital Library

[24]

Emanuel von Zezschwitz, Alexander De Luca, Philipp Janssen, and Heinrich Hussmann. 2015b. Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)Lock Patterns. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, NY, NY, USA, 2339--2342.

Digital Library

[25]

Emanuel von Zezschwitz, Paul Dunphy, and Alexander De Luca. 2013a. Patterns in the Wild: A Field Study of the Usability of Pattern and Pin-based Authentication on Mobile Devices. In Proceedings of the 15th International Conference on Human-computer Interaction with Mobile Devices and Services (MobileHCI '13). ACM, NY, NY, USA, 261--270.

Digital Library

[26]

Emanuel von Zezschwitz, Anton Koslow, Alexander De Luca, and Heinrich Hussmann. 2013b. Making Graphic-based Authentication Secure Against Smudge Attacks. In Proceedings of the 2013 International Conference on Intelligent User Interfaces (IUI '13). ACM, NY, NY, USA, 277--286.

Digital Library

[27]

Tingxin Yan, David Chu, Deepak Ganesan, Aman Kansal, and Jie Liu. 2012. Fast App Launching for Mobile Devices Using Predictive User Context. In Proceedings of the 10th International Conference on Mobile Systems, Applications, and Services (MobiSys '12). ACM, NY, NY, USA, 113--126.

Digital Library

[28]

Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. 2014. You Are How You Touch: User Verification on Smartphones via Tapping Behaviors. In 2014 IEEE 22nd International Conference on Network Protocols (ICNP). IEEE, 221--232.

Digital Library

Cited By

Olade ILiang HFleming C(2023)Story-based authentication for mobile devices using semantically-linked imagesInternational Journal of Human-Computer Studies10.1016/j.ijhcs.2022.102967171:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.ijhcs.2022.102967
Chen JHengartner UKhan HChiasson SKapadia A(2022)Sharing without scaringProceedings of the Eighteenth USENIX Conference on Usable Privacy and Security10.5555/3563609.3563645(671-685)Online publication date: 8-Aug-2022
https://dl.acm.org/doi/10.5555/3563609.3563645
Mayrhofer RSigg S(2021)Adversary Models for Mobile Device AuthenticationACM Computing Surveys10.1145/347760154:9(1-35)Online publication date: 8-Oct-2021
https://dl.acm.org/doi/10.1145/3477601
Show More Cited By

Index Terms

SnapApp: Reducing Authentication Overhead with a Time-Constrained Fast Unlock Option
1. Human-centered computing

Recommendations

PhishEye: Live Monitoring of Sandboxed Phishing Kits
CCS '16: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security

Phishing is a form of online identity theft that deceives unaware users into disclosing their confidential information. While significant effort has been devoted to the mitigation of phishing attacks, much less is known about the entire life-cycle of ...
Dark Patterns in the Wild: Review of Cookie Disclaimer Designs on Top 500 German Websites
EuroUSEC '21: Proceedings of the 2021 European Symposium on Usable Security

Cookie disclaimers are these days an indispensable part of surfing and working on the Internet. In this work, we report on examining and classifying the cookie disclaimers on the 500 most popular websites in Germany, based on the presented information ...
A real world study on employees' susceptibility to phishing attacks
ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

Phishing email attacks have been around for fifteen years but they are still among the top security risks faced by organisations. The most common approach to mitigate these attacks is employees' education and awareness. Employees' awareness on phishing ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI '16: Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems

May 2016

6108 pages

ISBN:9781450333627

DOI:10.1145/2858036

General Chairs:
Jofish Kaye
Yahoo
,
Allison Druin
University of Maryland / National Park Service
,
Program Chairs:
Cliff Lampe
University of Michigan
,
Dan Morris
Microsoft
,
Juan Pablo Hourcade
University of Iowa

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 May 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CHI'16

Sponsor:

SIGCHI

CHI'16: CHI Conference on Human Factors in Computing Systems

May 7 - 12, 2016

California, San Jose, USA

Acceptance Rates

CHI '16 Paper Acceptance Rate 565 of 2,435 submissions, 23%;

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
391
Total Downloads

Downloads (Last 12 months)19
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Olade ILiang HFleming C(2023)Story-based authentication for mobile devices using semantically-linked imagesInternational Journal of Human-Computer Studies10.1016/j.ijhcs.2022.102967171:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.ijhcs.2022.102967
Chen JHengartner UKhan HChiasson SKapadia A(2022)Sharing without scaringProceedings of the Eighteenth USENIX Conference on Usable Privacy and Security10.5555/3563609.3563645(671-685)Online publication date: 8-Aug-2022
https://dl.acm.org/doi/10.5555/3563609.3563645
Mayrhofer RSigg S(2021)Adversary Models for Mobile Device AuthenticationACM Computing Surveys10.1145/347760154:9(1-35)Online publication date: 8-Oct-2021
https://dl.acm.org/doi/10.1145/3477601
Radiah RMäkelä VPrange SRodriguez SPiening RZhou YKöhle KPfeuffer KAbdelrahman YHoppe MSchmidt AAlt F(2021)Remote VR Studies: A Framework for Running Virtual Reality Studies Remotely Via Participant-Owned HMDsACM Transactions on Computer-Human Interaction10.1145/347261728:6(1-36)Online publication date: 15-Nov-2021
https://dl.acm.org/doi/10.1145/3472617
Liang CYu CWei XXu XHu YWang YShi YKitamura YQuigley AIsbister KIgarashi TBjørn PDrucker S(2021)Auth+Track: Enabling Authentication Free Interaction on Smartphone by Continuous User TrackingProceedings of the 2021 CHI Conference on Human Factors in Computing Systems10.1145/3411764.3445624(1-16)Online publication date: 6-May-2021
https://dl.acm.org/doi/10.1145/3411764.3445624
Khan HCeci JStegman JAviv ADara RKuber R(2020)Widely Reused and Shared, Infrequently Updated, and Sometimes Inherited: A Holistic View of PIN Authentication in Digital Lives and BeyondProceedings of the 36th Annual Computer Security Applications Conference10.1145/3427228.3427240(249-262)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1145/3427228.3427240
Prange SMecke LNguyen AKhamis MAlt F(2020)Don't Use Fingerprint, it's Raining!Proceedings of the 2020 International Conference on Advanced Visual Interfaces10.1145/3399715.3399823(1-5)Online publication date: 28-Sep-2020
https://dl.acm.org/doi/10.1145/3399715.3399823
Mecke LRodriguez SBuschek DPrange SAlt F(2019)Communicating device confidence level and upcoming re-authentications in continuous authentication systems on mobile devicesProceedings of the Fifteenth USENIX Conference on Usable Privacy and Security10.5555/3361476.3361498(289-301)Online publication date: 12-Aug-2019
https://dl.acm.org/doi/10.5555/3361476.3361498
Prange SMecke LStadler MBalluff MKhamis MAlt FPaternò FJacucci GRohs MSantoro C(2019)Securing personal items in public spaceProceedings of the 18th International Conference on Mobile and Ubiquitous Multimedia10.1145/3365610.3365628(1-8)Online publication date: 26-Nov-2019
https://dl.acm.org/doi/10.1145/3365610.3365628
Reuter CHäusser KBien MHerbert F(2019)Between Effort and SecurityProceedings of Mensch und Computer 201910.1145/3340764.3340770(287-297)Online publication date: 8-Sep-2019
https://dl.acm.org/doi/10.1145/3340764.3340770
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents