Abstract
Android Lock Pattern is popular as a screen lock method on mobile devices but it cannot be used directly over the Internet for user authentication. In our work, we carefully adapt Android Lock Pattern to satisfy the requirements of remote authentication and introduce a new pattern based method called charPattern. Our new method allows dual-mode of input (typing a password and drawing a pattern) hence accommodate users who login alternately with a physical keyboard and a touchscreen device. It uses persuasive technology to create strong passwords which withstand attacks involving up to \(10^6\) guesses; an amount many experts believe sufficient against online attacks. We conduct a hybrid lab and web study to evaluate the usability of the new method and observe that logins with charPattern are significantly faster than the ones with text passwords on mobile devices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Biddle, R., Chiasson, S., van Oorschot, P.C.: Graphical passwords: learning from the first twelve years. ACM Comput. Surv. 44(4), 19:1–19:41 (2012)
Uellenbeck, S., Dürmuth, M., Wolf, C., Holz, T.: Quantifying the security of graphical passwords: the case of android unlock patterns. In: Proceedings of the 2013 ACM Conference on Computer and Communications Security, CCS 2013, pp. 161–172. ACM, New York (2013)
Bicakci, K., van Oorschot, P.C.: A multi-word password proposal (gridword) and exploring questions about science in security research and usable security evaluation. In: Proceedings of the 2011 Workshop on New Security Paradigms Workshop, NSPW 2011, pp. 25–36. ACM, New York (2011)
Cil, U., Bicakci, K.: gridwordx: Design, implementation, and usability evaluation of an authentication scheme supporting both desktops and mobile devices. In: Workshop on Mobile Security Technologies (MoST 2013) (2013)
Tao, H., Adams, C.: Pass-go: a proposal to improve the usability of graphical passwords. Int. J. Netw. Secur. 7(2), 273–292 (2008)
Brostoff, S., Inglesant, P., Sasse, M.A: Evaluating the usability and security of a graphical one-time pin system. In: Proceedings of the 24th BCS Interaction Specialist Group Conference, BCS 2010, pp. 88–97. British Computer Society, Swinton (2010)
Kumar, T.R., Raghavan, S.V.: PassPattern System (PPS): a pattern-based user authentication scheme. In: Das, A., Pung, H.K., Lee, F.B.S., Wong, L.W.C. (eds.) NETWORKING 2008. LNCS, vol. 4982, pp. 162–169. Springer, Heidelberg (2008)
Dunphy, P., Heiner, A.P., Asokan, N.: A closer look at recognition-based graphical passwords on mobile devices. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS 2010, pp. 3:1–3:12. ACM, New York (2010)
Schaub, F., Walch, M., Könings, B., Weber, M.: Exploring the design space of graphical passwords on smartphones. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS 2013, pp. 11:1–11:14. ACM, New York (2013)
Eusing Maze Lock 3.1. (2014). http://www.bit.ly/maze203
Cheswick, W.: Rethinking passwords. Queue 10(12), 50:50–50:56 (2012)
Farrow, R.: Login: USENIX Magazine, 36(2) 68–69 (2011)
Florêncio, D., Herley, C., Coskun, B.: Do strong web passwords accomplish anything? In: Proceedings of the 2nd USENIX Workshop on Hot Topics in Security, HOTSEC 2007, pp. 10:1–10:6. USENIX Association, Berkeley (2007)
Florêncio, D., Herley, C., van Oorschot, P.C.: An administrator‘s guide to internet password research. In: 28th Large Installation System Administration Conference (LISA14), USENIX Association, Seattle (2014)
Bicakci, K., Atalay, N.B., Yuceel, M., van Oorschot, P.C.: Exploration and field study of a password manager using icon-based passwords. In: Danezis, G., Dietrich, S., Sako, K. (eds.) FC 2011 Workshops 2011. LNCS, vol. 7126, pp. 104–118. Springer, Heidelberg (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Bicakci, K., Satiev, T. (2015). charPattern: Rethinking Android Lock Pattern to Adapt to Remote Authentication. In: Mjølsnes, S. (eds) Technology and Practice of Passwords. PASSWORDS 2014. Lecture Notes in Computer Science(), vol 9393. Springer, Cham. https://doi.org/10.1007/978-3-319-24192-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-24192-0_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24191-3
Online ISBN: 978-3-319-24192-0
eBook Packages: Computer ScienceComputer Science (R0)