charPattern: Rethinking Android Lock Pattern to Adapt to Remote Authentication

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9393)

Abstract

Android Lock Pattern is popular as a screen lock method on mobile devices but it cannot be used directly over the Internet for user authentication. In our work, we carefully adapt Android Lock Pattern to satisfy the requirements of remote authentication and introduce a new pattern based method called charPattern. Our new method allows dual-mode of input (typing a password and drawing a pattern) hence accommodate users who login alternately with a physical keyboard and a touchscreen device. It uses persuasive technology to create strong passwords which withstand attacks involving up to \(10^6\) guesses; an amount many experts believe sufficient against online attacks. We conduct a hybrid lab and web study to evaluate the usability of the new method and observe that logins with charPattern are significantly faster than the ones with text passwords on mobile devices.

References

  1. 1.
    Biddle, R., Chiasson, S., van Oorschot, P.C.: Graphical passwords: learning from the first twelve years. ACM Comput. Surv. 44(4), 19:1–19:41 (2012)CrossRefMATHGoogle Scholar
  2. 2.
    Uellenbeck, S., Dürmuth, M., Wolf, C., Holz, T.: Quantifying the security of graphical passwords: the case of android unlock patterns. In: Proceedings of the 2013 ACM Conference on Computer and Communications Security, CCS 2013, pp. 161–172. ACM, New York (2013)Google Scholar
  3. 3.
    Bicakci, K., van Oorschot, P.C.: A multi-word password proposal (gridword) and exploring questions about science in security research and usable security evaluation. In: Proceedings of the 2011 Workshop on New Security Paradigms Workshop, NSPW 2011, pp. 25–36. ACM, New York (2011)Google Scholar
  4. 4.
    Cil, U., Bicakci, K.: gridwordx: Design, implementation, and usability evaluation of an authentication scheme supporting both desktops and mobile devices. In: Workshop on Mobile Security Technologies (MoST 2013) (2013)Google Scholar
  5. 5.
    Tao, H., Adams, C.: Pass-go: a proposal to improve the usability of graphical passwords. Int. J. Netw. Secur. 7(2), 273–292 (2008)Google Scholar
  6. 6.
    Brostoff, S., Inglesant, P., Sasse, M.A: Evaluating the usability and security of a graphical one-time pin system. In: Proceedings of the 24th BCS Interaction Specialist Group Conference, BCS 2010, pp. 88–97. British Computer Society, Swinton (2010)Google Scholar
  7. 7.
    Kumar, T.R., Raghavan, S.V.: PassPattern System (PPS): a pattern-based user authentication scheme. In: Das, A., Pung, H.K., Lee, F.B.S., Wong, L.W.C. (eds.) NETWORKING 2008. LNCS, vol. 4982, pp. 162–169. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  8. 8.
    Dunphy, P., Heiner, A.P., Asokan, N.: A closer look at recognition-based graphical passwords on mobile devices. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS 2010, pp. 3:1–3:12. ACM, New York (2010)Google Scholar
  9. 9.
    Schaub, F., Walch, M., Könings, B., Weber, M.: Exploring the design space of graphical passwords on smartphones. In: Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS 2013, pp. 11:1–11:14. ACM, New York (2013)Google Scholar
  10. 10.
    Eusing Maze Lock 3.1. (2014). http://www.bit.ly/maze203
  11. 11.
    Cheswick, W.: Rethinking passwords. Queue 10(12), 50:50–50:56 (2012)Google Scholar
  12. 12.
    Farrow, R.: Login: USENIX Magazine, 36(2) 68–69 (2011)Google Scholar
  13. 13.
    Florêncio, D., Herley, C., Coskun, B.: Do strong web passwords accomplish anything? In: Proceedings of the 2nd USENIX Workshop on Hot Topics in Security, HOTSEC 2007, pp. 10:1–10:6. USENIX Association, Berkeley (2007)Google Scholar
  14. 14.
    Florêncio, D., Herley, C., van Oorschot, P.C.: An administrator‘s guide to internet password research. In: 28th Large Installation System Administration Conference (LISA14), USENIX Association, Seattle (2014)Google Scholar
  15. 15.
    Bicakci, K., Atalay, N.B., Yuceel, M., van Oorschot, P.C.: Exploration and field study of a password manager using icon-based passwords. In: Danezis, G., Dietrich, S., Sako, K. (eds.) FC 2011 Workshops 2011. LNCS, vol. 7126, pp. 104–118. Springer, Heidelberg (2012) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Computer Engineering DepartmentTOBB University of Economics and TechnologyAnkaraTurkey

Personalised recommendations