ABSTRACT
Android's 3X3 graphical pattern lock scheme is one of the widely used authentication methods on smartphone devices. However, users choose 3X3 patterns from a small subspace of all possible 389,112 patterns. The two recently proposed interfaces, SysPal by Cho et al. and TinPal by the authors, demonstrate that it is possible to influence users' 3X3 pattern choices by making small modifications to the existing interface. While SysPal forces users to include one, two or three system-assigned random dots in their pattern, TinPal employs a highlighting mechanism to inform users about the set of dots reachable from the currently selected dot. Both interfaces improved the security of 3X3 patterns without affecting usability, but no comparison between SysPal and TinPal was presented. To address this gap, we conduct a new user study with 147 participants and collect patterns on three SysPal interfaces: 1-dot, 2-dot and 3-dot. We compare SysPal and TinPal patterns using a range of security and usability metrics, including pattern length, stroke length, guessability, recall time and login attempts. Overall, we found that patterns created on TinPal were significantly longer and offered more resistance to guessing attacks.
- Aviv et al. 2015. Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android's Pattern Unlock (ACSAC'15). ACM, 301--310.
- G. Cho et al. 2017. SysPal: System-Guided Pattern Locks for Android (S&P'17). IEEE, 338--356.
- Panagiotis et al. 2014. Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method (HAS'14). Springer, 115--126.
- Sun et al. 2014. Dissecting Pattern Unlock. J. Inf. Secur. Appl. (2014), 308--320.
- Tupsamudre et al. 2017. Pass-O: A Proposal to Improve the Security of Pattern Unlock Scheme (ASIA CCS'17). ACM, 400--407.
- Tupsamudre et al. 2018. TinPal: An Enhanced Interface for Pattern Locks (USEC'18). Internet Society.
- Uellenbeck et al. 2013. Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns (CCS'13). ACM, 161--172.
- Zezschwitz et al. 2015. Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)Lock Patterns (CHI'15). ACM, 2339--2342.
Index Terms
- Force vs. Nudge: Comparing Users' Pattern Choices on SysPal and TinPal