16 research outputs found

    Complexity metrics and user strength perceptions of the pattern-lock graphical authentication method

    One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanism's design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock. © 2014 Springer International Publishing


    Using Grids as Password Entry Devices

    The classic text-based password has been around for a very long time. A lot of security research has been conducted on it. A set of best practices has been available for many years stressing the use of longer and more complex passwords. The issue with this approach is that humans have a hard time recalling long complex sequences of characters. Worse, the more complex the string of characters, the more prone it is to being written down, which is the most detrimental security threat. The goal of this paper is to introduce and provide an introductory analysis of a grid-based password system. This system allows weaker passwords to still have the potential security of regular longer, more complex passwords. At the same time the system leverages the human ability to better recall visual patterns to aid in the memorization process. This thesis will discuss the mathematical maxima that may be achieved by using this password system, compare it against conventional graphical passwords, and finally discuss the human factor in using this password schema.

    Memorable And Secure: How Do You Choose Your PIN?

    Managing all your PINs is difficult. Banks acknowledge this by allowing and facilitating PIN changes. However, choosing secure PINs is a difficult task for humans as they are incapable of consciously generating randomness. This leads to certain PINs being chosen more frequently than others, which in turn increases the danger of someone else guessing correctly. We investigate different methods of supporting PIN changes and report on an evaluation of these methods in a study with 152 participants. Our contribution is twofold: We introduce an alternative to system-generated random PINs, which considers people’s preferred memorisation strategy, and, secondly, we provide indication that presenting guidance on how to avoid insecure PINs does indeed nudge people towards more secure PIN choices when they are in the process of changing their PINs.

    An empirical study of touch-based authentication methods on smartwatches

    The emergence of smartwatches poses new challenges to information security. Although there are mature touch-based authentication methods for smartphones, the effectiveness of using these methods on smartwatches is still unclear. We conducted a user study (n=16) to evaluate how authentication methods (PIN and Pattern), UIs (Square and Circular), and display sizes (38mm and 42mm) affect authentication accuracy, speed, and security. Circular UIs are tailored to smartwatches with fewer UI elements. Results show that 1) PIN is more accurate and secure than Pattern; 2) Pattern is much faster than PIN; 3) Square UIs are more secure but less accurate than Circular UIs; 4) display size does not affect accuracy or speed, but security; 5) Square PIN is the most secure method of all. The study also reveals a security concern that participants' favorite method is not the best in any of the measures. We finally discuss implications for future touch-based smartwatch authentication design.
    Comment: ISWC '17, Proceedings of the 2017 ACM International Symposium on Wearable Computers, 122-125, ACM New York, NY, US

    Differences in Cognitive Load in the Use of Line-Pattern-Based and Numeric Passwords

    Most applications require users to enter a password in order to use those applications. One type of password used on smartphones is based on a certain line pattern. The pattern of lines that make up the password is essentially an image similar to a sequence of numbers arranged in a particular order. Just as when users need to memorize a series of numbers, "memorizing" the line pattern also imposes a certain level of cognitive load. This study observed the cognitive load experienced by users when they were using a line-pattern-based password as compared to a numeric-based password. The research method employed in this study was a scenario-based experiment followed by a survey to self-report the cognitive load experienced by the user after they ran the scenario. Cognitive load experienced by users was reported by the users themselves. The subjects of the study were 67 undergraduate and master's students. They participated voluntarily in this research. The result obtained from this study indicated that the cognitive load experienced by users when they used the line-pattern-based password was smaller than with the number-based password.

    Human Aspects of Information Security, Privacy, and Trust


    CMAPS: A Chess-Based Multi-Facet Password Scheme for Mobile Devices

    It has long been recognized, by both security researchers and human-computer interaction researchers, that no silver bullet for authentication exists to achieve security, usability, and memorability. Aiming to achieve the goals, we propose a Multi-fAcet Password Scheme (MAPS) for mobile authentication. MAPS fuses information from multiple facets to form a password, allowing MAPS to enlarge the password space and improve memorability by reducing memory interference, which impairs memory performance according to psychology interference theory. The information fusion in MAPS can increase usability, as fewer input gestures are required for passwords of the same security strength. Based on the idea of MAPS, we implement a Chess-based MAPS (CMAPS) for Android systems. Only two and six gestures are required for CMAPS to generate passwords with better security strength than 4-digit PINs and 8-character alphanumeric passwords, respectively. Our user studies show that CMAPS can achieve high recall rates while exceeding the security strength of standard 8-character alphanumeric passwords used for secure applications
