Bend Passwords: using gestures to authenticate on flexible devices

  • Original Article
  • Personal and Ubiquitous Computing

Abstract

Upcoming mobile devices will have flexible displays, allowing us to explore alternate forms of user authentication. On flexible displays, users can interact with the device by deforming the surface of the display through bending. In this paper, we present Bend Passwords, a new type of user authentication that uses bend gestures as its input modality. We ran three user studies to evaluate the usability and security of Bend Passwords and compared it to PINs on a mobile phone. Our first two studies evaluated the creation and memorability of user-chosen and system-assigned passwords. The third study looked at the security problem of shoulder-surfing passwords on mobile devices. Our results show that bend passwords are a promising authentication mechanism for flexible display devices. We provide eight design recommendations for implementing Bend Passwords on flexible display devices.

Notes

  1. Shoulder-surfing is an attack where malicious users learn a password by observing its entry on the device. These attacks are common in public places such as bus stops and coffee shops.

  2. Parts of this user study were published as a poster with an extended abstract [56].

  3. Parts of this user study were published as a poster with an extended abstract [57].

References

  1. Mobile Technology Fact Sheet (2014) http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/. Accessed on 09 July 2015

  2. Adams A, Sasse MA (1999) Users are not the enemy. Commun ACM 42(12):40–46

  3. Beust C (2008) Cedric’s weblog: Android’s locking pattern. http://beust.com/weblog2/archives/000497.html. Accessed on 09 July 2015

  4. Aviv AJ, Gibson K, Mossop E, Blaze M, Smith JM (2010) Smudge attacks on smartphone touch screens. In: Proceedings of the conference on offensive technologies, 2010, pp 1–7

  5. Agomuoh F (2014) Samsung flexible display phone coming in 2015? http://www.ibtimes.com/samsung-flexible-display-phone-coming-2015-manufacturer-secretly-showcases-foldable-amoled-display. Accessed on 09 July 2015

  6. Kildal J, Paasovaara S, Aaltonen V (2012) Kinetic device: designing interactions with a deformable mobile interface. In: Proceedings of the 30th SIGCHI conference on human factors in computing systems extended abstracts (CHI-EA), 2012, pp 1871–1876

  7. Lahey B, Girouard A, Burleson W, Vertegaal R (2011) PaperPhone: understanding the use of bend gestures in mobile devices with flexible electronic paper displays. In: Proceedings of the 29th SIGCHI conference on human factors in computing systems, 2011, pp 1303–1312

  8. Schwesig C, Poupyrev I, Mori E (2004) Gummi: a bendable computer. In: Proceedings of the 22nd SIGCHI conference on human factors in computing systems, 2004, pp 263–270

  9. Watanabe J, Mochizuki A, Horry Y (2008) Bookisheet: bendable device for browsing content using the metaphor of leafing through the pages. In: Proceedings of the 10th international conference on ubiquitous computing, 2008, pp 360–369

  10. Wightman D, Ginn T, Vertegaal R (2011) BendFlip: examining input techniques for electronic book readers with flexible form factors. In: Proceedings of the 13th IFIP TC13 conference on human-computer interaction, 2011, pp 117–133

  11. Warren K, Lo J, Vadgama V, Girouard A (2013) Bending the rules: bend gesture classification for flexible displays. In: Proceedings of the 31st SIGCHI conference on human factors in computing systems, 2013, pp 607–610

  12. Ye Z, Khalid H (2010) Cobra: flexible displays for mobile gaming scenarios. In: Proceedings of the 28th SIGCHI conference on human factors in computing systems extended abstracts, 2010, pp 4363–4367

  13. Burstyn J, Banerjee A, Vertegaal R (2012) FlexView: an evaluation of depth navigation on deformable mobile devices. In: Proceedings of the 6th conference on tangible, embedded, embodied interaction, 2012, pp 193–200

  14. Lee S-S, Kim S, Jin B, Choi E, Kim B, Jia X, Kim D, Lee K (2010) How users manipulate deformable displays as input devices. In: Proceedings of the 28th SIGCHI conference on human factors in computing systems, 2010, pp 1647–1656

  15. Kildal J, Lucero A, Boberg M (2013) Twisting touch: combining deformation and touch as input within the same interaction cycle on handheld devices. In: Proceedings of the international conference on human-computer interaction with mobile devices and services, 2013, pp 237–246

  16. Steimle J, Jordt A, Maes P (2013) Flexpad: highly flexible bending interactions for projected handheld displays. In: Proceedings of the 31st SIGCHI conference on human factors in computing systems, 2013, pp 237–246

  17. Girouard A, Lo J, Riyadh M, Daliri F, Eady AK, Pasquero J (2015) One-handed bend interactions with deformable smartphones. In: Proceedings of the 33rd annual ACM conference on human factors in computing systems, 2015, pp 1509–1518

  18. Saltzer J, Schroeder M (1975) The protection of information in computer systems. In: Proceedings of the 4th symposium on operating system principles, 1975, vol 63, Issue 9, pp 1278–1308

  19. Yan J, Anderson R, Grant A (2005) The memorability and security of passwords. In: Cranor L, Garfinkel S (eds) O’Reilly media, pp 129–142

  20. Rogers J (2007) Please enter your 4-digit PIN. Financ. Serv. Technol. US Ed., no. 4

  21. Schaub F, Deyhle R, Weber M (2012) Password entry usability and shoulder surfing susceptibility on different smartphone platforms. In: Proceedings of the 11th international conference on mobile and ubiquitous multimedia, 2012, pp 13:1–13:10

  22. von Zezschwitz E, De Luca A, Hussmann H (2014) Honey, I shrunk the keys: influences of mobile devices on password composition and authentication performance. In: Proceedings of the 8th nordic conference on human-computer interaction: fun, fast, foundational, 2014, pp 461–470

  23. von Zezschwitz E, Dunphy P, De Luca A (2013) Patterns in the wild: a field study of the usability of pattern and pin-based authentication on mobile devices. In: Proceedings of the 15th international conference on human-computer interaction with mobile devices and services, 2013, pp 261–270

  24. De Luca A, Harbach M, von Zezschwitz E, Maurer M-E, Slawik BE, Hussmann H, Smith M (2014) Now you see me, now you don’t: protecting smartphone authentication from shoulder surfers. In: Proceedings of the 32nd SIGCHI conference on human factors in computing systems, 2014, pp 2937–2946

  25. Harbach M, von Zezschwitz E, Fichtner A, De Luca A, Smith M (2014) It’s a hard lock life: a field study of smartphone (un) locking behavior and risk perception. In: Symposium on usable privacy and security (SOUPS), 2014

  26. Apple’s TouchID (2015) https://www.apple.com/ca/iphone-6/touch-id/. Accessed on 09 July 2015

  27. Kit (2015) Try face unlock. https://support.google.com/nexus/answer/2781894?hl=en-CA. Accessed on 09 July 2015

  28. Bianchi A, Oakley I, Lee JK, Kwon DS (2010) The haptic wheel: design and evaluation of a tactile password system. In: Proceedings of the 28th SIGCHI conference on human factors in computing systems extended abstracts, 2010, pp 625–630

  29. Bianchi A, Oakley I, Kwon DS (2010) The secure haptic keypad: a tactile password system. In: Proceedings of the 28th SIGCHI conference on human factors in computing systems, 2010, pp 1089–1092

  30. Mott M, Donahue T, Poor GM, Leventhal L (2012) Leveraging motor learning for a tangible password system. In: Proceedings of the 30th SIGCHI conference on human factors in computing systems extended abstracts, 2012, pp 2597–2602

  31. Jain A, Hong L, Pankanti S (2000) Biometric identification. Commun ACM 43(2):90–98

  32. Bergadano F, Gunetti D, Picardi C (2002) User authentication through keystroke dynamics. ACM Trans Inf Syst Secur 5(4):367–397

  33. Chong MK, Marsden G, Gellersen H (2010) GesturePIN: using discrete gestures for associating mobile devices. In: Proceedings of the international conference on human computer interaction with mobile devices and services, 2010, pp 261–264

  34. Shahzada S, Chiasson S, Biddle R (2014) Gesture authentication for mobile devices. In: Who are you?! Adventures in authentication: WAY workshop, 2014, pp 1–2

  35. De Luca A, Von Zezschwitz E, Nguyen NDH, Maurer M-E, Rubegni E, Scipioni MP, Langheinrich M (2013) Back-of-device authentication on smartphones. In: Proceedings of the 31st SIGCHI conference on human factors in computing systems, 2013, pp 2389–2398

  36. Biddle R, Chiasson S, Van Oorschot PC (2012) Graphical passwords: learning from the first twelve years. ACM Comput Surv 44(4):19:1–19:41

  37. Faulkner L (2003) Beyond the five-user assumption: benefits of increased sample sizes in usability testing. Behav Res Methods Instrum Comput 35(3):379–383

  38. Florêncio D, Herley C, Coskun B (2007) Do strong web passwords accomplish anything? In: Proceedings of the 2nd USENIX workshop on hot topics in security, 2007, pp 10:1–10:6

  39. Tari F, Ozok AA, Holden SH (2006) A comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords. In: Proceedings of the 2nd symposium on usable privacy and security, 2006, pp 56–66

  40. Bonneau J (2012) The science of guessing: analyzing an anonymized corpus of 70 million passwords. In: Proceedings of the symposium on security and privacy, 2012, pp 538–552

  41. Dell’Amico M, Michiardi P, Roudier Y (2010) Password strength: an empirical analysis. In: Proceedings of the 29th conference on information communications (INFOCOM), 2010, pp 983–991

  42. Florencio D, Herley C (2007) A large-scale study of web password habits. In: Proceedings of the international conference on world wide web (WWW), 2007, pp 657–666

  43. Inglesant PG, Sasse MA (2010) The true cost of unusable password policies: password use in the wild. In: Proceedings of the 28th SIGCHI conference on human factors in computing systems, 2010, pp 383–392

  44. Riley S (2006) Password security: what users know and what they actually do. Usability News 8(1):2833–2836

  45. Zviran M, Haga WJ (1999) Password security: an empirical study. J Manag Inf Syst 15(4):161–185

  46. Shay R, Komanduri S, Kelley PG, Leon PG, Mazurek ML, Bauer L, Christin N, Cranor LF (2010) Encountering stronger password requirements: user attitudes and behaviors. In: Proceedings of the 6th symposium on usable privacy and security, 2010, pp 2:1–2:20

  47. Weir M, Aggarwal S, Collins M, Stern H (2010) Testing metrics for password creation policies by attacking large sets of revealed passwords. In: Proceedings of the 17th ACM conference on computer and communications security, 2010, pp 162–175

  48. Ur B, Kelley PG, Komanduri S, Lee J, Maass M, Mazurek ML, Passaro T, Shay R, Vidas T, Bauer L, Christin N, Cranor LF (2012) How does your password measure up? The effect of strength meters on password creation. In: Proceedings of the 21st USENIX conference on security symposium, 2012, p 5

  49. Egelman S, Sotirakopoulos A, Muslukhov I, Beznosov K, Herley C (2013) Does my password go up to eleven? The impact of password meters on password selection. In: Proceedings of the 31st SIGCHI conference on human factors in computing systems, 2013, pp 2379–2388

  50. Kildal J, Wilson G (2012) Feeling it: the roles of stiffness, deformation range and feedback in the control of deformable UI. In: Proceedings of the 14th ACM international conference on multimodal interaction, 2012, pp 393–400

  51. Eichenbaum H (2011) The cognitive neuroscience of memory: an introduction. Oxford University Press, Oxford

  52. Baars BJ (1986) A cognitive theory of consciousness. Cambridge University Press, Cambridge

  53. Schaub F, Walch M, Könings B, Weber M (2013) Exploring the design space of graphical passwords on smartphones. In: Proceedings of the 9th symposium on usable privacy and security, 2013, pp 11:1–11:14

  54. Levenshtein VI (1966) Binary codes capable of correcting deletions, insertions, and reversals. Sov Phys Dokl 10(8):707–710

  55. Hansen WJ (1971) User engineering principles for interactive systems. In: Proceedings of the fall joint computer conference, 1971, pp 523–532

  56. Maqsood S, Chiasson S, Girouard A (2013) Poster: passwords on flexible display devices. In: Proceedings of the SIGSAC conference on Computer & communications security (CCS), 2013, pp 1469–1472

  57. Maqsood S (2014) Poster: shoulder surfing susceptibility of bend passwords. In: Proceedings of the SIGCHI conference on human factors in computing systems extended abstracts (CHI-EA), 2014, pp 915–920

Acknowledgments

This work was supported by the Natural Sciences and Engineering Research Council of Canada (NSERC). Sonia Chiasson holds a Canada Research Chair in Human Oriented Computer Security and acknowledges funding for the Chair and Discovery Grants. Audrey Girouard also acknowledges funding for her Discovery Grant. The authors also acknowledge funding from NSERC ISSNet.

Author information

Corresponding author

Correspondence to Sonia Chiasson.

Appendix

See Fig. 12.

Fig. 12: The set of bend gestures available on the flexible display prototype

Cite this article

Maqsood, S., Chiasson, S. & Girouard, A. Bend Passwords: using gestures to authenticate on flexible devices. Pers Ubiquit Comput 20, 573–600 (2016). https://doi.org/10.1007/s00779-016-0928-6

  • DOI: https://doi.org/10.1007/s00779-016-0928-6
