research-article

GestureMeter: Design and Evaluation of a Gesture Password Strength Meter

Authors:
Eunyong Cheon

Ulsan National Institute of Science and Technology, Korea, Republic of

Ulsan National Institute of Science and Technology, Korea, Republic of

0000-0003-2468-5756
View Profile

,
Jun Ho Huh

Samsung Research, Korea, Republic of

Samsung Research, Korea, Republic of

0000-0003-2007-4018
View Profile

,
Ian Oakley

Ulsan National Institute of Science and Technology, Korea, Republic of

Ulsan National Institute of Science and Technology, Korea, Republic of

0000-0001-5834-8577
View Profile

CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing SystemsApril 2023Article No.: 69Pages 1–19https://doi.org/10.1145/3544548.3581397

Published:19 April 2023Publication History

CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems

Pages 1–19

ABSTRACT

Gestures drawn on touchscreens have been proposed as an authentication method to secure access to smartphones. They provide good usability and a theoretically large password space. However, recent work has demonstrated that users tend to select simple or similar gestures as their passwords, rendering them susceptible to dictionary based guessing attacks. To improve their security, this paper describes a novel gesture password strength meter that interactively provides security assessments and improvement suggestions based on a scoring algorithm that combines a probabilistic model, a gesture dictionary, and a set of novel stroke heuristics. We evaluate this system in both online and offline settings and show it supports creation of gestures that are significantly more resistant to guessing attacks (by up to 67%) while also maintaining performance on usability metrics such as recall success rate and time. We conclude that gesture password strength meters can help users select more secure gesture passwords.

Supplemental Material

3544548.3581397-talk-video.mp4

mp4

238.4 MB

Download

References

Lisa Anthony, Radu-Daniel Vatavu, and Jacob O. Wobbrock. 2013. Understanding the Consistency of Users’ Pen and Finger Stroke Gesture Articulation. In Proceedings of Graphics Interface 2013 (Regina, Sascatchewan, Canada) (GI ’13). Canadian Information Processing Society, CAN, 87–94.Google ScholarDigital Library
Lisa Anthony and Jacob O. Wobbrock. 2012. $N-Protractor: A Fast and Accurate Multistroke Recognizer. In Proceedings of Graphics Interface 2012 (Toronto, Ontario, Canada) (GI ’12). Canadian Information Processing Society, CAN, 117–120.Google Scholar
Adam J. Aviv, Devon Budzitowski, and Ravi Kuber. 2015. Is Bigger Better? Comparing User-Generated Passwords on 3x3 vs. 4x4 Grid Sizes for Android’s Pattern Unlock. In Proceedings of the 31st Annual Computer Security Applications Conference (Los Angeles, CA, USA) (ACSAC 2015). Association for Computing Machinery, New York, NY, USA, 301–310. https://doi.org/10.1145/2818000.2818014Google ScholarDigital Library
Adam J. Aviv and Dane Fichter. 2014. Understanding Visual Perceptions of Usability and Security of Android’s Graphical Password Pattern. In Proceedings of the 30th Annual Computer Security Applications Conference (New Orleans, Louisiana, USA) (ACSAC ’14). Association for Computing Machinery, New York, NY, USA, 286–295. https://doi.org/10.1145/2664243.2664253Google ScholarDigital Library
Aaron Bangor, Philip Kortum, and James Miller. 2009. Determining what individual SUS scores mean: Adding an adjective rating scale. Journal of usability studies (JUS) 4, 3 (2009), 114–123.Google ScholarDigital Library
Rachel Blagojevic, Samuel Hsiao-Heng Chang, and Beryl Plimmer. 2010. The Power of Automatic Feature Selection: Rubine on Steroids. In Proceedings of the Seventh Sketch-Based Interfaces and Modeling Symposium (Annecy, France) (SBIM ’10). Eurographics Association, Goslar, DEU, 79–86.Google ScholarDigital Library
Joseph Bonneau. 2012. The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords. In Proceedings of the 2012 IEEE Symposium on Security and Privacy(SP ’12). IEEE Computer Society, USA, 538–552. https://doi.org/10.1109/SP.2012.49Google ScholarDigital Library
L. Bošnjak, J. Sreš, and B. Brumen. 2018. Brute-force and dictionary attack on hashed real-world passwords. In 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). IEEE Computer Society, USA, 1161–1166. https://doi.org/10.23919/MIPRO.2018.8400211Google ScholarCross Ref
Virginia Braun and Victoria Clarke. 2006. Using thematic analysis in psychology. Qualitative Research in Psychology 3, 2 (2006), 77–101. https://doi.org/10.1191/1478088706qp063oaGoogle ScholarCross Ref
John Brooke 1996. SUS-A quick and dirty usability scale. Usability evaluation in industry 189, 194 (1996), 4–7.Google Scholar
Xavier De Carné De Carnavalet and Mohammad Mannan. 2015. A Large-Scale Evaluation of High-Impact Password Strength Meters. ACM Trans. Inf. Syst. Secur. 18, 1, Article 1 (may 2015), 32 pages. https://doi.org/10.1145/2739044Google ScholarDigital Library
Claude Castelluccia, Markus Dürmuth, and Daniele Perito. 2012. Adaptive Password-Strength Meters from Markov Models. In 19th Annual Network and Distributed System Security Symposium, NDSS 2012, San Diego, California, USA, February 5-8, 2012. The Internet Society, Reston, VA, USA, 14 pages. https://www.ndss-symposium.org/ndss2012/adaptive-password-strength-meters-markov-modelsGoogle Scholar
Seunghun Cha, Sungsu Kwag, Hyoungshick Kim, and Jun Ho Huh. 2017. Boosting the Guessing Attack Performance on Android Lock Patterns with Smudge Attacks. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security(Abu Dhabi, United Arab Emirates) (ASIA CCS ’17). Association for Computing Machinery, New York, NY, USA, 313–326. https://doi.org/10.1145/3052973.3052989Google ScholarDigital Library
Eunyong Cheon, Yonghwan Shin, Jun Ho Huh, Hyoungshick Kim, and Ian Oakley. 2020. Gesture Authentication for Smartphones: Evaluation of Gesture Password Selection Policies. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, USA, 249–267. https://doi.org/10.1109/SP40000.2020.00034Google ScholarCross Ref
Geumhwan Cho, Jun Ho Huh, Junsung Cho, Seongyeol Oh, Youngbae Song, and Hyoungshick Kim. 2017. SysPal: System-Guided Pattern Locks for Android. In 2017 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, USA, 338–356. https://doi.org/10.1109/SP.2017.61Google ScholarCross Ref
Gradeigh D. Clark, Janne Lindqvist, and Antti Oulasvirta. 2017. Composition policies for gesture passwords: User choice, security, usability and memorability. In 2017 IEEE Conference on Communications and Network Security (CNS). IEEE Computer Society, USA, 1–9. https://doi.org/10.1109/CNS.2017.8228644Google ScholarCross Ref
Anupam Das, Joseph Bonneau, Matthew Caesar, Nikita Borisov, and XiaoFeng Wang. 2014. The Tangled Web of Password Reuse. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society, Reston, VA, USA, 15 pages. https://www.ndss-symposium.org/ndss2014/tangled-web-password-reuseGoogle Scholar
Xavier de Carné de Carnavalet and Mohammad Mannan. 2014. From Very Weak to Very Strong: Analyzing Password-Strength Meters. In 21st Annual Network and Distributed System Security Symposium, NDSS 2014, San Diego, California, USA, February 23-26, 2014. The Internet Society, Reston, VA, USA, 16 pages. https://www.ndss-symposium.org/ndss2014/very-weak-very-strong-analyzing-password-strength-metersGoogle ScholarCross Ref
Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch Me Once and i Know It’s You! Implicit Authentication Based on Touch Screen Patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 987–996. https://doi.org/10.1145/2207676.2208544Google ScholarDigital Library
Alexander De Luca, Alina Hang, Emanuel von Zezschwitz, and Heinrich Hussmann. 2015. I Feel Like I’m Taking Selfies All Day! Towards Understanding Biometric Authentication on Smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). Association for Computing Machinery, New York, NY, USA, 1411–1414. https://doi.org/10.1145/2702123.2702141Google ScholarDigital Library
David H Douglas and Thomas K Peucker. 1973. Algorithms for the Reduction of the Number of Points Required to Represent a Digitized Line or its Caricature. Cartographica: The International Journal for Geographic Information and Geovisualization 10, 2 (1973), 112–122. https://doi.org/10.3138/FM57-6770-U75U-7727Google ScholarCross Ref
Serge Egelman, Andreas Sotirakopoulos, Ildar Muslukhov, Konstantin Beznosov, and Cormac Herley. 2013. Does My Password Go up to Eleven? The Impact of Password Meters on Password Selection. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Paris, France) (CHI ’13). Association for Computing Machinery, New York, NY, USA, 2379–2388. https://doi.org/10.1145/2470654.2481329Google ScholarDigital Library
Alain Forget, Sonia Chiasson, and Robert Biddle. 2010. Shoulder-Surfing Resistance with Eye-Gaze Entry in Cued-Recall Graphical Passwords. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New York, NY, USA, 1107–1110. https://doi.org/10.1145/1753326.1753491Google ScholarDigital Library
Alain Forget, Sonia Chiasson, P. C. van Oorschot, and Robert Biddle. 2008. Improving Text Passwords through Persuasion. In Proceedings of the 4th Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’08). Association for Computing Machinery, New York, NY, USA, 1–12. https://doi.org/10.1145/1408664.1408666Google ScholarDigital Library
Steven Furnell, Warut Khern-am nuai, Rawan Esmael, Weining Yang, and Ninghui Li. 2018. Enhancing security behaviour by supporting the user. Computers & Security 75 (06 2018). https://doi.org/10.1016/j.cose.2018.01.016Google ScholarCross Ref
Javier Galbally, Iwen Coisel, and Ignacio Sanchez. 2017. A New Multimodal Approach for Password Strength Estimation—Part I: Theory and Algorithms. IEEE Transactions on Information Forensics and Security 12, 12(2017), 2829–2844. https://doi.org/10.1109/TIFS.2016.2636092Google ScholarDigital Library
Rebecca A. Grier. 2015. How High is High? A Meta-Analysis of NASA-TLX Global Workload Scores. Proceedings of the Human Factors and Ergonomics Society Annual Meeting 59, 1(2015), 1727–1731. https://doi.org/10.1177/1541931215591373 arXiv:https://doi.org/10.1177/1541931215591373Google ScholarCross Ref
Sandra G. Hart and Lowell E. Staveland. 1988. Development of NASA-TLX (Task Load Index): Results of Empirical and Theoretical Research. In Human Mental Workload, Peter A. Hancock and Najmedin Meshkati (Eds.). Advances in Psychology, Vol. 52. North-Holland, Amsterdam, Netherlands, 139–183. https://doi.org/10.1016/S0166-4115(08)62386-9Google ScholarCross Ref
Shiva Houshmand and Sudhir Aggarwal. 2012. Building Better Passwords Using Probabilistic Techniques. In Proceedings of the 28th Annual Computer Security Applications Conference (Orlando, Florida, USA) (ACSAC ’12). Association for Computing Machinery, New York, NY, USA, 109–118. https://doi.org/10.1145/2420950.2420966Google ScholarDigital Library
Ryan Kennedy, Scott Clifford, Tyler Burleigh, Philip D. Waggoner, Ryan Jewell, and Nicholas J. G. Winter. 2020. The shape of and solutions to the MTurk quality crisis. Political Science Research and Methods 8, 4 (2020), 614–629. https://doi.org/10.1017/psrm.2020.6Google ScholarCross Ref
Hyoungshick Kim and Jun Ho Huh. 2012. PIN Selection Policies: Are They Really Effective?Comput. Secur. 31, 4 (jun 2012), 484–496. https://doi.org/10.1016/j.cose.2012.02.003Google ScholarDigital Library
Saranga Komanduri, Richard Shay, Patrick Gage Kelley, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Serge Egelman. 2011. Of Passwords and People: Measuring the Effect of Password-Composition Policies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Vancouver, BC, Canada) (CHI ’11). Association for Computing Machinery, New York, NY, USA, 2595–2604. https://doi.org/10.1145/1978942.1979321Google ScholarDigital Library
Cynthia Kuo, Sasha Romanosky, and Lorrie Faith Cranor. 2006. Human Selection of Mnemonic Phrase-Based Passwords. In Proceedings of the Second Symposium on Usable Privacy and Security (Pittsburgh, Pennsylvania, USA) (SOUPS ’06). Association for Computing Machinery, New York, NY, USA, 67–78. https://doi.org/10.1145/1143120.1143129Google ScholarDigital Library
Luis Leiva, Radu-Daniel Vatavu, Daniel Martín-Albo, and Réjean Plamondon. 2020. Omnis Prædictio: Estimating the Full Spectrum of Human Performance with Stroke Gestures. International Journal of Human-Computer Studies 142 (05 2020), 102466. https://doi.org/10.1016/j.ijhcs.2020.102466Google ScholarCross Ref
Yang Li. 2010. Protractor: A Fast and Accurate Gesture Recognizer. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Atlanta, Georgia, USA) (CHI ’10). Association for Computing Machinery, New York, NY, USA, 2169–2172. https://doi.org/10.1145/1753326.1753654Google ScholarDigital Library
Can Liu, Gradeigh D. Clark, and Janne Lindqvist. 2017. Guessing Attacks on User-Generated Gesture Passwords. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 1, 1, Article 3 (mar 2017), 24 pages. https://doi.org/10.1145/3053331Google ScholarDigital Library
Can Liu, Gradeigh D. Clark, and Janne Lindqvist. 2017. Where Usability and Security Go Hand-in-Hand: Robust Gesture-Based Authentication for Mobile Systems. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI ’17). Association for Computing Machinery, New York, NY, USA, 374–386. https://doi.org/10.1145/3025453.3025879Google ScholarDigital Library
A. Chris Long, James A. Landay, Lawrence A. Rowe, and Joseph Michiels. 2000. Visual Similarity of Pen Gestures. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (The Hague, The Netherlands) (CHI ’00). Association for Computing Machinery, New York, NY, USA, 360–367. https://doi.org/10.1145/332040.332458Google ScholarDigital Library
Jerry Ma, Weining Yang, Min Luo, and Ninghui Li. 2014. A Study of Probabilistic Password Models. In Proceedings of the 2014 IEEE Symposium on Security and Privacy(SP ’14). IEEE Computer Society, USA, 689–704. https://doi.org/10.1109/SP.2014.50Google ScholarDigital Library
Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus Dürmuth, and Adam J. Aviv. 2020. This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs. In 2020 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, USA, 286–303. https://doi.org/10.1109/SP40000.2020.00100Google ScholarCross Ref
Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur. 2013. Measuring Password Guessability for an Entire University. In Proceedings of the 2013 ACM SIGSAC Conference on Computer &; Communications Security (Berlin, Germany) (CCS ’13). Association for Computing Machinery, New York, NY, USA, 173–186. https://doi.org/10.1145/2508859.2516726Google ScholarDigital Library
William Melicher, Darya Kurilova, Sean M. Segreti, Pranshu Kalvani, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Michelle L. Mazurek. 2016. Usability and Security of Text Passwords on Mobile Devices. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI ’16). Association for Computing Machinery, New York, NY, USA, 527–539. https://doi.org/10.1145/2858036.2858384Google ScholarDigital Library
Antti Pirhonen, Stephen Brewster, and Christopher Holguin. 2002. Gestural and Audio Metaphors as a Means of Control for Mobile Devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Minneapolis, Minnesota, USA) (CHI ’02). Association for Computing Machinery, New York, NY, USA, 291–298. https://doi.org/10.1145/503376.503428Google ScholarDigital Library
Robert W Proctor, Mei-Ching Lien, Kim-Phuong L Vu, E Eugene Schultz, and Gavriel Salvendy. 2002. Improving computer security for authentication of users: Influence of proactive password restrictions. Behavior Research Methods, Instruments, & Computers 34, 2 (2002), 163–169.Google ScholarCross Ref
George E. Raptis, Christina Katsini, Andrew Jian-lan Cen, Nalin Asanka Gamagedara Arachchilage, and Lennart E. Nacke. 2021. Better, Funner, Stronger: A Gameful Approach to Nudge People into Making Less Predictable Graphical Password Choices. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (Yokohama, Japan) (CHI ’21). Association for Computing Machinery, New York, NY, USA, Article 112, 17 pages. https://doi.org/10.1145/3411764.3445658Google ScholarDigital Library
Napa Sae-Bae, Kowsar Ahmed, Katherine Isbister, and Nasir Memon. 2012. Biometric-Rich Gestures: A Novel Approach to Authentication on Multi-Touch Devices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 977–986. https://doi.org/10.1145/2207676.2208543Google ScholarDigital Library
Alireza Sahami Shirazi, Peyman Moghadam, Hamed Ketabdar, and Albrecht Schmidt. 2012. Assessing the Vulnerability of Magnetic Gestural Authentication to Video-Based Shoulder Surfing Attacks. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 2045–2048. https://doi.org/10.1145/2207676.2208352Google ScholarDigital Library
Apple Platform Security. 2022. Face ID, touch ID, passcodes, and passwords. Retrieved Dec 14th 2022 from https://support.apple.com/guide/security/face-id-touch-id-passcodes-and-passwords-sec9479035f1/web.Google Scholar
Richard Shay, Saranga Komanduri, Patrick Gage Kelley, Pedro Giovanni Leon, Michelle L. Mazurek, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2010. Encountering Stronger Password Requirements: User Attitudes and Behaviors. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, USA) (SOUPS ’10). Association for Computing Machinery, New York, NY, USA, Article 2, 20 pages. https://doi.org/10.1145/1837110.1837113Google ScholarDigital Library
Michael Sherman, Gradeigh Clark, Yulong Yang, Shridatt Sugrim, Arttu Modig, Janne Lindqvist, Antti Oulasvirta, and Teemu Roos. 2014. User-Generated Free-Form Gestures for Authentication: Security and Memorability. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services (Bretton Woods, New Hampshire, USA) (MobiSys ’14). Association for Computing Machinery, New York, NY, USA, 176–189. https://doi.org/10.1145/2594368.2594375Google ScholarDigital Library
Hansub Shin, Sungyong Sim, Hyukyoon Kwon, Sangheum Hwang, and Younho Lee. 2022. A new smart smudge attack using CNN. International Journal of Information Security 21, 1 (2022), 25–36.Google ScholarDigital Library
M.A. Shukran and M.S.B. Ariffin. 2012. Kinect-based gesture password recognition. Australian Journal of Basic and Applied Sciences 6 (08 2012), 492–499.Google Scholar
Youngbae Song, Geumhwan Cho, Seongyeol Oh, Hyoungshick Kim, and Jun Ho Huh. 2015. On the Effectiveness of Pattern Lock Strength Meters: Measuring the Strength of Real World Pattern Locks. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (Seoul, Republic of Korea) (CHI ’15). Association for Computing Machinery, New York, NY, USA, 2343–2352. https://doi.org/10.1145/2702123.2702365Google ScholarDigital Library
Khai N. Truong, Thariq Shihipar, and Daniel J. Wigdor. 2014. Slide to X: Unlocking the Potential of Smartphone Unlocking. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Toronto, Ontario, Canada) (CHI ’14). Association for Computing Machinery, New York, NY, USA, 3635–3644. https://doi.org/10.1145/2556288.2557044Google ScholarDigital Library
Huawei Tu, Xiangshi Ren, and Shumin Zhai. 2012. A Comparative Evaluation of Finger and Pen Stroke Gestures. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (Austin, Texas, USA) (CHI ’12). Association for Computing Machinery, New York, NY, USA, 1287–1296. https://doi.org/10.1145/2207676.2208584Google ScholarDigital Library
Sebastian Uellenbeck, Markus Dürmuth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns. In Proceedings of the 2013 ACM SIGSAC Conference on Computer &; Communications Security (Berlin, Germany) (CCS ’13). Association for Computing Machinery, New York, NY, USA, 161–172. https://doi.org/10.1145/2508859.2516700Google ScholarDigital Library
Blase Ur. 2016. Supporting Password-Security Decisions with Data. Ph. D. Dissertation. Carnegie Mellon University.Google Scholar
Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, and William Melicher. 2017. Design and Evaluation of a Data-Driven Password Meter. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (Denver, Colorado, USA) (CHI ’17). Association for Computing Machinery, New York, NY, USA, 3775–3786. https://doi.org/10.1145/3025453.3026050Google ScholarDigital Library
Blase Ur, Patrick Gage Kelley, Saranga Komanduri, Joel Lee, Michael Maass, Michelle L. Mazurek, Timothy Passaro, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2012. How Does Your Password Measure up? The Effect of Strength Meters on Password Creation. In Proceedings of the 21st USENIX Conference on Security Symposium (Bellevue, WA) (Security’12). USENIX Association, USA, 5.Google ScholarDigital Library
Kim-Phuong L. Vu, Robert W. Proctor, Abhilasha Bhargav-Spantzel, Bik-Lam (Belin) Tai, Joshua Cook, and E. Eugene Schultz. 2007. Improving password security and memorability to protect personal and organizational information. International Journal of Human-Computer Studies 65, 8 (2007), 744–757. https://doi.org/10.1016/j.ijhcs.2007.03.007Google ScholarDigital Library
Ding Wang, Debiao He, Haibo Cheng, and Ping Wang. 2016. fuzzyPSM: A New Password Strength Meter Using Fuzzy Probabilistic Context-Free Grammars. In 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE Computer Society, USA, 595–606. https://doi.org/10.1109/DSN.2016.60Google ScholarCross Ref
Matt Weir, Sudhir Aggarwal, Michael Collins, and Henry Stern. 2010. Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords. In Proceedings of the 17th ACM Conference on Computer and Communications Security (Chicago, Illinois, USA) (CCS ’10). Association for Computing Machinery, New York, NY, USA, 162–175. https://doi.org/10.1145/1866307.1866327Google ScholarDigital Library
Daniel Lowe Wheeler. 2016. Zxcvbn: Low-Budget Password Strength Estimation. In Proceedings of the 25th USENIX Conference on Security Symposium (Austin, TX, USA) (SEC’16). USENIX Association, USA, 157–173.Google Scholar
Yulong Yang, Gradeigh D. Clark, Janne Lindqvist, and Antti Oulasvirta. 2016. Free-Form Gesture Authentication in the Wild. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (San Jose, California, USA) (CHI ’16). Association for Computing Machinery, New York, NY, USA, 3722–3735. https://doi.org/10.1145/2858036.2858270Google ScholarDigital Library
Ziming Zhao, Gail-Joon Ahn, Jeong-Jin Seo, and Hongxin Hu. 2013. On the Security of Picture Gesture Authentication. In 22nd USENIX Security Symposium (USENIX Security 13). USENIX Association, Washington, D.C., 383–398. https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/zhaoGoogle Scholar

Index Terms

GestureMeter: Design and Evaluation of a Gesture Password Strength Meter
1. Human-centered computing
  1. Human computer interaction (HCI)
    1. HCI design and evaluation methods
2. Security and privacy
  1. Security services
    1. Authentication
      1. Graphical / visual passwords

Recommendations

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems
April 2023
14911 pages
ISBN:9781450394215
DOI:10.1145/3544548
Editors:
Albrecht Schmidt
LMU Munich, Germany60028717
,
Kaisa Väänänen
Tampere University, Finland60011170
,
Tesh Goyal
Google Research, USA60006191
,
Per Ola Kristensson
University of Cambridge, UK60031101
,
Anicia Peters
University of Namibia, Namibia60072704
,
Stefanie Mueller
Massachusetts Institute of Technology, USA60022195
,
Julie R. Williamson
University of Glasgow, UK60001490
,
Max L. Wilson
University of Nottingham, UK60015138
Copyright © 2023 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 19 April 2023
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Gesture password
Large scale study
Password composition policy
Qualifiers
- research-article
- Research
- Refereed limited
Conference

Acceptance Rates
Overall Acceptance Rate6,199of26,314submissions,24%
Upcoming Conference
CHI '24

Sponsor:

sigchi

CHI Conference on Human Factors in Computing Systems

May 11 - 16, 2024

Honolulu , HI , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 0
  Total Citations
  View Citations
- 347
  Total Downloads
- Downloads (Last 12 months)347
- Downloads (Last 6 weeks)41
Other Metrics
View Author Metrics
Cited By
This publication has not been cited yet

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Full Text

View this article in Full Text.

View Full Text

HTML Format

View this article in HTML Format .

View HTML Format

GestureMeter: Design and Evaluation of a Gesture Password Strength Meter

CHI '23: Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems

ABSTRACT

Supplemental Material

References

Cited By

Index Terms

Recommendations

Pocket Password Book (Password): A discreet internet password organizer

Password Book: Password Journal / Password Organizer / Password Keeper / Internet Usernames and Passwords / Internet Password Logbook A Passkey Log ... seamless pattern collection) (Volume 48)

Password Keeper: 5x8 Internet Password Organizer - 110 Pages 300 Password Records - Discreet Password Book - Vol.1 Password Keeper