ABSTRACT
Gestures drawn on touchscreens have been proposed as an authentication method to secure access to smartphones. They provide good usability and a theoretically large password space. However, recent work has demonstrated that users tend to select simple or similar gestures as their passwords, rendering them susceptible to dictionary based guessing attacks. To improve their security, this paper describes a novel gesture password strength meter that interactively provides security assessments and improvement suggestions based on a scoring algorithm that combines a probabilistic model, a gesture dictionary, and a set of novel stroke heuristics. We evaluate this system in both online and offline settings and show it supports creation of gestures that are significantly more resistant to guessing attacks (by up to 67%) while also maintaining performance on usability metrics such as recall success rate and time. We conclude that gesture password strength meters can help users select more secure gesture passwords.
Supplemental Material
- Lisa Anthony, Radu-Daniel Vatavu, and Jacob O. Wobbrock. 2013. Understanding the Consistency of Users’ Pen and Finger Stroke Gesture Articulation. In Proceedings of Graphics Interface 2013 (Regina, Sascatchewan, Canada) (GI ’13). Canadian Information Processing Society, CAN, 87–94.Google ScholarDigital Library
- Lisa Anthony and Jacob O. Wobbrock. 2012. $N-Protractor: A Fast and Accurate Multistroke Recognizer. In Proceedings of Graphics Interface 2012 (Toronto, Ontario, Canada) (GI ’12). Canadian Information Processing Society, CAN, 117–120.Google Scholar
- Adam J. Aviv, Devon Budzitowski, and Ravi Kuber. 2015. Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android’s Pattern Unlock. In Proceedings of the 31st Annual Computer Security Applications Conference (Los Angeles, CA, USA) (ACSAC 2015). Association for Computing Machinery, New York, NY, USA, 301–310. https://doi.org/10.1145/2818000.2818014Google ScholarDigital Library
- Adam J. Aviv and Dane Fichter. 2014. Understanding Visual Perceptions of Usability and Security of Android’s Graphical Password Pattern. In Proceedings of the 30th Annual Computer Security Applications Conference (New Orleans, Louisiana, USA) (ACSAC ’14). Association for Computing Machinery, New York, NY, USA, 286–295. https://doi.org/10.1145/2664243.2664253Google ScholarDigital Library
- Aaron Bangor, Philip Kortum, and James Miller. 2009. Determining what individual SUS scores mean: Adding an adjective rating scale. Journal of usability studies (JUS) 4, 3 (2009), 114–123.Google ScholarDigital Library
- Rachel Blagojevic, Samuel Hsiao-Heng Chang, and Beryl Plimmer. 2010. The Power of Automatic Feature Selection: Rubine on Steroids. In Proceedings of the Seventh Sketch-Based Interfaces and Modeling Symposium (Annecy, France) (SBIM ’10). Eurographics Association, Goslar, DEU, 79–86.Google ScholarDigital Library
- Joseph Bonneau. 2012. The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In Proceedings of the 2012 IEEE Symposium on Security and Privacy(SP ’12). IEEE Computer Society, USA, 538–552. https://doi.org/10.1109/SP.2012.49Google ScholarDigital Library
- L. Bošnjak, J. Sreš, and B. Brumen. 2018. Brute-force and dictionary attack on hashed real-world passwords. In 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). IEEE Computer Society, USA, 1161–1166. https://doi.org/10.23919/MIPRO.2018.8400211Google ScholarCross Ref
- Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative Research in Psychology 3, 2 (2006), 77–101. https://doi.org/10.1191/1478088706qp063oaGoogle ScholarCross Ref
- John Brooke 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194 (1996), 4–7.Google Scholar
- Xavier De Carné De Carnavalet and Mohammad Mannan. 2015. A Large-Scale Evaluation of High-Impact Password Strength Meters. ACM Trans. Inf. Syst. Secur. 18, 1, Article 1 (may 2015), 32 pages. https://doi.org/10.1145/2739044Google ScholarDigital Library
- Claude Castelluccia, Markus Dürmuth, and Daniele Perito. 2012. Adaptive Password-Strength Meters from Markov Models. In 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5-8, 2012. The Internet Society, Reston, VA, USA, 14 pages. https://www.ndss-symposium.org/ndss2012/adaptive-password-strength-meters-markov-modelsGoogle Scholar
- Seunghun Cha, Sungsu Kwag, Hyoungshick Kim, and Jun Ho Huh. 2017. Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security(Abu Dhabi, United Arab Emirates) (ASIA CCS ’17). Association for Computing Machinery, New York, NY, USA, 313–326. https://doi.org/10.1145/3052973.3052989Google ScholarDigital Library
- Eunyong Cheon, Yonghwan Shin, Jun Ho Huh, Hyoungshick Kim, and Ian Oakley. 2020. Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection Policies. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, USA, 249–267. https://doi.org/10.1109/SP40000.2020.00034Google ScholarCross Ref
- Geumhwan Cho, Jun Ho Huh, Junsung Cho, Seongyeol Oh, Youngbae Song, and Hyoungshick Kim. 2017. SysPal: System-Guided Pattern Locks for Android. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, USA, 338–356. https://doi.org/10.1109/SP.2017.61Google ScholarCross Ref
- Gradeigh D. Clark, Janne Lindqvist, and Antti Oulasvirta. 2017. Composition policies for gesture passwords: User choice, security, usability and memorability. In 2017 IEEE Conference on Communications and Network Security (CNS). IEEE Computer Society, USA, 1–9. https://doi.org/10.1109/CNS.2017.8228644Google ScholarCross Ref
- Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang. 2014. The Tangled Web of Password Reuse. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society, Reston, VA, USA, 15 pages. https://www.ndss-symposium.org/ndss2014/tangled-web-password-reuseGoogle Scholar
- Xavier de Carné de Carnavalet and Mohammad Mannan. 2014. From Very Weak to Very Strong: Analyzing Password-Strength Meters. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society, Reston, VA, USA, 16 pages. https://www.ndss-symposium.org/ndss2014/very-weak-very-strong-analyzing-password-strength-metersGoogle ScholarCross Ref
- Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch Me Once and i Know It’s You! Implicit Authentication Based on Touch Screen Patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 987–996. https://doi.org/10.1145/2207676.2208544Google ScholarDigital Library
- Alexander De Luca, Alina Hang, Emanuel von Zezschwitz, and Heinrich Hussmann. 2015. I Feel Like I’m Taking Selfies All Day! Towards Understanding Biometric Authentication on Smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). Association for Computing Machinery, New York, NY, USA, 1411–1414. https://doi.org/10.1145/2702123.2702141Google ScholarDigital Library
- David H Douglas and Thomas K Peucker. 1973. Algorithms for the Reduction of the Number of Points Required to Represent a Digitized Line or its Caricature. Cartographica: The International Journal for Geographic Information and Geovisualization 10, 2 (1973), 112–122. https://doi.org/10.3138/FM57-6770-U75U-7727Google ScholarCross Ref
- Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, and Cormac Herley. 2013. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Paris, France) (CHI ’13). Association for Computing Machinery, New York, NY, USA, 2379–2388. https://doi.org/10.1145/2470654.2481329Google ScholarDigital Library
- Alain Forget, Sonia Chiasson, and Robert Biddle. 2010. Shoulder-Surfing Resistance with Eye-Gaze Entry in Cued-Recall Graphical Passwords. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New York, NY, USA, 1107–1110. https://doi.org/10.1145/1753326.1753491Google ScholarDigital Library
- Alain Forget, Sonia Chiasson, P. C. van Oorschot, and Robert Biddle. 2008. Improving Text Passwords through Persuasion. In Proceedings of the 4th Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’08). Association for Computing Machinery, New York, NY, USA, 1–12. https://doi.org/10.1145/1408664.1408666Google ScholarDigital Library
- Steven Furnell, Warut Khern-am nuai, Rawan Esmael, Weining Yang, and Ninghui Li. 2018. Enhancing security behaviour by supporting the user. Computers & Security 75 (06 2018). https://doi.org/10.1016/j.cose.2018.01.016Google ScholarCross Ref
- Javier Galbally, Iwen Coisel, and Ignacio Sanchez. 2017. A New Multimodal Approach for Password Strength Estimation—Part I: Theory and Algorithms. IEEE Transactions on Information Forensics and Security 12, 12(2017), 2829–2844. https://doi.org/10.1109/TIFS.2016.2636092Google ScholarDigital Library
- Rebecca A. Grier. 2015. How High is High? A Meta-Analysis of NASA-TLX Global Workload Scores. Proceedings of the Human Factors and Ergonomics Society Annual Meeting 59, 1(2015), 1727–1731. https://doi.org/10.1177/1541931215591373 arXiv:https://doi.org/10.1177/1541931215591373Google ScholarCross Ref
- Sandra G. Hart and Lowell E. Staveland. 1988. Development of NASA-TLX (Task Load Index): Results of Empirical and Theoretical Research. In Human Mental Workload, Peter A. Hancock and Najmedin Meshkati (Eds.). Advances in Psychology, Vol. 52. North-Holland, Amsterdam, Netherlands, 139–183. https://doi.org/10.1016/S0166-4115(08)62386-9Google ScholarCross Ref
- Shiva Houshmand and Sudhir Aggarwal. 2012. Building Better Passwords Using Probabilistic Techniques. In Proceedings of the 28th Annual Computer Security Applications Conference (Orlando, Florida, USA) (ACSAC ’12). Association for Computing Machinery, New York, NY, USA, 109–118. https://doi.org/10.1145/2420950.2420966Google ScholarDigital Library
- Ryan Kennedy, Scott Clifford, Tyler Burleigh, Philip D. Waggoner, Ryan Jewell, and Nicholas J. G. Winter. 2020. The shape of and solutions to the MTurk quality crisis. Political Science Research and Methods 8, 4 (2020), 614–629. https://doi.org/10.1017/psrm.2020.6Google ScholarCross Ref
- Hyoungshick Kim and Jun Ho Huh. 2012. PIN Selection Policies: Are They Really Effective?Comput. Secur. 31, 4 (jun 2012), 484–496. https://doi.org/10.1016/j.cose.2012.02.003Google ScholarDigital Library
- Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman. 2011. Of Passwords and People: Measuring the Effect of Password-Composition Policies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vancouver, BC, Canada) (CHI ’11). Association for Computing Machinery, New York, NY, USA, 2595–2604. https://doi.org/10.1145/1978942.1979321Google ScholarDigital Library
- Cynthia Kuo, Sasha Romanosky, and Lorrie Faith Cranor. 2006. Human Selection of Mnemonic Phrase-Based Passwords. In Proceedings of the Second Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’06). Association for Computing Machinery, New York, NY, USA, 67–78. https://doi.org/10.1145/1143120.1143129Google ScholarDigital Library
- Luis Leiva, Radu-Daniel Vatavu, Daniel Martín-Albo, and Réjean Plamondon. 2020. Omnis Prædictio: Estimating the Full Spectrum of Human Performance with Stroke Gestures. International Journal of Human-Computer Studies 142 (05 2020), 102466. https://doi.org/10.1016/j.ijhcs.2020.102466Google ScholarCross Ref
- Yang Li. 2010. Protractor: A Fast and Accurate Gesture Recognizer. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New York, NY, USA, 2169–2172. https://doi.org/10.1145/1753326.1753654Google ScholarDigital Library
- Can Liu, Gradeigh D. Clark, and Janne Lindqvist. 2017. Guessing Attacks on User-Generated Gesture Passwords. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 1, 1, Article 3 (mar 2017), 24 pages. https://doi.org/10.1145/3053331Google ScholarDigital Library
- Can Liu, Gradeigh D. Clark, and Janne Lindqvist. 2017. Where Usability and Security Go Hand-in-Hand: Robust Gesture-Based Authentication for Mobile Systems. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI ’17). Association for Computing Machinery, New York, NY, USA, 374–386. https://doi.org/10.1145/3025453.3025879Google ScholarDigital Library
- A. Chris Long, James A. Landay, Lawrence A. Rowe, and Joseph Michiels. 2000. Visual Similarity of Pen Gestures. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (The Hague, The Netherlands) (CHI ’00). Association for Computing Machinery, New York, NY, USA, 360–367. https://doi.org/10.1145/332040.332458Google ScholarDigital Library
- Jerry Ma, Weining Yang, Min Luo, and Ninghui Li. 2014. A Study of Probabilistic Password Models. In Proceedings of the 2014 IEEE Symposium on Security and Privacy(SP ’14). IEEE Computer Society, USA, 689–704. https://doi.org/10.1109/SP.2014.50Google ScholarDigital Library
- Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, and Adam J. Aviv. 2020. This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, USA, 286–303. https://doi.org/10.1109/SP40000.2020.00100Google ScholarCross Ref
- Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur. 2013. Measuring Password Guessability for an Entire University. In Proceedings of the 2013 ACM SIGSAC Conference on Computer &; Communications Security (Berlin, Germany) (CCS ’13). Association for Computing Machinery, New York, NY, USA, 173–186. https://doi.org/10.1145/2508859.2516726Google ScholarDigital Library
- William Melicher, Darya Kurilova, Sean M. Segreti, Pranshu Kalvani, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Michelle L. Mazurek. 2016. Usability and Security of Text Passwords on Mobile Devices. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI ’16). Association for Computing Machinery, New York, NY, USA, 527–539. https://doi.org/10.1145/2858036.2858384Google ScholarDigital Library
- Antti Pirhonen, Stephen Brewster, and Christopher Holguin. 2002. Gestural and Audio Metaphors as a Means of Control for Mobile Devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Minneapolis, Minnesota, USA) (CHI ’02). Association for Computing Machinery, New York, NY, USA, 291–298. https://doi.org/10.1145/503376.503428Google ScholarDigital Library
- Robert W Proctor, Mei-Ching Lien, Kim-Phuong L Vu, E Eugene Schultz, and Gavriel Salvendy. 2002. Improving computer security for authentication of users: Influence of proactive password restrictions. Behavior Research Methods, Instruments, & Computers 34, 2 (2002), 163–169.Google ScholarCross Ref
- George E. Raptis, Christina Katsini, Andrew Jian-lan Cen, Nalin Asanka Gamagedara Arachchilage, and Lennart E. Nacke. 2021. Better, Funner, Stronger: A Gameful Approach to Nudge People into Making Less Predictable Graphical Password Choices. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 112, 17 pages. https://doi.org/10.1145/3411764.3445658Google ScholarDigital Library
- Napa Sae-Bae, Kowsar Ahmed, Katherine Isbister, and Nasir Memon. 2012. Biometric-Rich Gestures: A Novel Approach to Authentication on Multi-Touch Devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 977–986. https://doi.org/10.1145/2207676.2208543Google ScholarDigital Library
- Alireza Sahami Shirazi, Peyman Moghadam, Hamed Ketabdar, and Albrecht Schmidt. 2012. Assessing the Vulnerability of Magnetic Gestural Authentication to Video-Based Shoulder Surfing Attacks. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 2045–2048. https://doi.org/10.1145/2207676.2208352Google ScholarDigital Library
- Apple Platform Security. 2022. Face ID, touch ID, passcodes, and passwords. Retrieved Dec 14th 2022 from https://support.apple.com/guide/security/face-id-touch-id-passcodes-and-passwords-sec9479035f1/web.Google Scholar
- Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2010. Encountering Stronger Password Requirements: User Attitudes and Behaviors. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, USA) (SOUPS ’10). Association for Computing Machinery, New York, NY, USA, Article 2, 20 pages. https://doi.org/10.1145/1837110.1837113Google ScholarDigital Library
- Michael Sherman, Gradeigh Clark, Yulong Yang, Shridatt Sugrim, Arttu Modig, Janne Lindqvist, Antti Oulasvirta, and Teemu Roos. 2014. User-Generated Free-Form Gestures for Authentication: Security and Memorability. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services (Bretton Woods, New Hampshire, USA) (MobiSys ’14). Association for Computing Machinery, New York, NY, USA, 176–189. https://doi.org/10.1145/2594368.2594375Google ScholarDigital Library
- Hansub Shin, Sungyong Sim, Hyukyoon Kwon, Sangheum Hwang, and Younho Lee. 2022. A new smart smudge attack using CNN. International Journal of Information Security 21, 1 (2022), 25–36.Google ScholarDigital Library
- M.A. Shukran and M.S.B. Ariffin. 2012. Kinect-based gesture password recognition. Australian Journal of Basic and Applied Sciences 6 (08 2012), 492–499.Google Scholar
- Youngbae Song, Geumhwan Cho, Seongyeol Oh, Hyoungshick Kim, and Jun Ho Huh. 2015. On the Effectiveness of Pattern Lock Strength Meters: Measuring the Strength of Real World Pattern Locks. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). Association for Computing Machinery, New York, NY, USA, 2343–2352. https://doi.org/10.1145/2702123.2702365Google ScholarDigital Library
- Khai N. Truong, Thariq Shihipar, and Daniel J. Wigdor. 2014. Slide to X: Unlocking the Potential of Smartphone Unlocking. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Toronto, Ontario, Canada) (CHI ’14). Association for Computing Machinery, New York, NY, USA, 3635–3644. https://doi.org/10.1145/2556288.2557044Google ScholarDigital Library
- Huawei Tu, Xiangshi Ren, and Shumin Zhai. 2012. A Comparative Evaluation of Finger and Pen Stroke Gestures. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 1287–1296. https://doi.org/10.1145/2207676.2208584Google ScholarDigital Library
- Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns. In Proceedings of the 2013 ACM SIGSAC Conference on Computer &; Communications Security (Berlin, Germany) (CCS ’13). Association for Computing Machinery, New York, NY, USA, 161–172. https://doi.org/10.1145/2508859.2516700Google ScholarDigital Library
- Blase Ur. 2016. Supporting Password-Security Decisions with Data. Ph. D. Dissertation. Carnegie Mellon University.Google Scholar
- Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, and William Melicher. 2017. Design and Evaluation of a Data-Driven Password Meter. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI ’17). Association for Computing Machinery, New York, NY, USA, 3775–3786. https://doi.org/10.1145/3025453.3026050Google ScholarDigital Library
- Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2012. How Does Your Password Measure up? The Effect of Strength Meters on Password Creation. In Proceedings of the 21st USENIX Conference on Security Symposium (Bellevue, WA) (Security’12). USENIX Association, USA, 5.Google ScholarDigital Library
- Kim-Phuong L. Vu, Robert W. Proctor, Abhilasha Bhargav-Spantzel, Bik-Lam (Belin) Tai, Joshua Cook, and E. Eugene Schultz. 2007. Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies 65, 8 (2007), 744–757. https://doi.org/10.1016/j.ijhcs.2007.03.007Google ScholarDigital Library
- Ding Wang, Debiao He, Haibo Cheng, and Ping Wang. 2016. fuzzyPSM: A New Password Strength Meter Using Fuzzy Probabilistic Context-Free Grammars. In 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE Computer Society, USA, 595–606. https://doi.org/10.1109/DSN.2016.60Google ScholarCross Ref
- Matt Weir, Sudhir Aggarwal, Michael Collins, and Henry Stern. 2010. Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords. In Proceedings of the 17th ACM Conference on Computer and Communications Security (Chicago, Illinois, USA) (CCS ’10). Association for Computing Machinery, New York, NY, USA, 162–175. https://doi.org/10.1145/1866307.1866327Google ScholarDigital Library
- Daniel Lowe Wheeler. 2016. Zxcvbn: Low-Budget Password Strength Estimation. In Proceedings of the 25th USENIX Conference on Security Symposium (Austin, TX, USA) (SEC’16). USENIX Association, USA, 157–173.Google Scholar
- Yulong Yang, Gradeigh D. Clark, Janne Lindqvist, and Antti Oulasvirta. 2016. Free-Form Gesture Authentication in the Wild. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI ’16). Association for Computing Machinery, New York, NY, USA, 3722–3735. https://doi.org/10.1145/2858036.2858270Google ScholarDigital Library
- Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu. 2013. On the Security of Picture Gesture Authentication. In 22nd USENIX Security Symposium (USENIX Security 13). USENIX Association, Washington, D.C., 383–398. https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/zhaoGoogle Scholar
Index Terms
- GestureMeter: Design and Evaluation of a Gesture Password Strength Meter
Comments