2 research outputs found
A Survey of Collection Methods and Cross-Data Set Comparison of Android Unlock Patterns
Android's graphical password unlock remains one of the most widely used
schemes for phone unlock authentication, and it is has been studied extensively
in the last decade since its launch. We have learned that users' choice of
patterns mimics the poor password choices in other systems, such as PIN or
text-based passwords. A wide variety of analysis and data collections methods
was used to reach these conclusions, but what is missing from the literature is
a systemized comparison of the related work in this space that compares both
the methodology and the results. In this paper, we take a detailed accounting
of the different methods applied to data collection and analysis for Android
unlock patterns. We do so in two dimensions. First we systemize prior work into
a detailed taxonomy of collection methods, and in the second dimension, we
perform a detailed analysis of 9 different data sets collected using different
methods. While this study focuses singularly on the collection methods and
comparisons of the Android pattern unlock scheme, we believe that many of the
findings generalize to other graphical password schemes, unlock authentication
technology, and other knowledge-based authentication schemes
Double Patterns: A Usable Solution to Increase the Security of Android Unlock Patterns
Android unlock patterns remain quite common. Our study, as well as others,
finds that roughly 25\% of respondents use a pattern when unlocking their
phone. Despite known security issues, the design of the pattern interface
remains unchanged since first launch. We propose Double Patterns, a natural and
easily adoptable advancement on Android unlock patterns that maintains the core
design features, but instead of selecting a single pattern, a user selects two,
concurrent Android unlock patterns entered one-after-the-other super-imposed on
the same 3x3 grid. We evaluated Double Patterns for both security and usability
by conducting an online study with participants in three treatments: a
control treatment, a first pattern entry blocklist, and a blocklist for both
patterns. We find that in all settings, user chosen Double Patterns are more
secure than traditional patterns based on standard guessability metrics, more
similar to that of 4-/6-digit PINs, and even more difficult to guess for a
simulated attacker. Users express positive sentiments in qualitative feedback,
particularly those who currently (or previously) used Android unlock patterns,
and overall, participants found the Double Pattern interface quite usable, with
high recall retention and comparable entry times to traditional patterns. In
particular, current Android pattern users, the target population for Double
Patterns, reported SUS scores in the 80th percentile and high perceptions of
security and usability in responses to open- and closed-questions. Based on
these findings, we would recommend adding Double Patterns as an advancement to
Android patterns, much like allowing for added PIN length