von Zezschwitz, Emanuel; Eiband, Malin; Buschek, Daniel; Oberhuber, Sascha; De Luca, Alexander; Alt, Florian; Hussmann, Heinrich
Document type:
Konferenzbeitrag / Conference Paper
Title:
On Quantifying the Effective Password Space of Grid-based Unlock Gestures
Title of conference publication:
MUM '16
Subtitle of conference publication:
Proceedings of the 15th International Conference on Mobile and Ubiquitous Multimedia
Conference title:
International Conference on Mobile and Ubiquitous Multimedia (15., 2016, Rovaniemi)
Venue:
Rovaniemi, Finland
Year of conference:
2016
Date of conference beginning:
12.12.2016
Date of conference ending:
15.12.2016
Place of publication:
New York, NY, USA
Publisher:
ACM
Year:
2016
Pages from - to:
201-212
Language:
Englisch
Keywords:
metric ; password space ; security ; similarity ; unlock pattern ; user selection
Abstract:
We present a similarity metric for Android unlock patterns to quantify the effective password space of user-defined gestures. Our metric is the first of its kind to reflect that users choose patterns based on human intuition and interest in geometric properties of the resulting shapes. Applying our metric to a dataset of 506 user-defined patterns reveals very similar shapes that only differ by simple geometric transformations such as rotation. This shrinks the effective password space by 66% and allows informed guessing attacks. Consequently, we present an approach to subtly nudge users to create more diverse patterns by showing background images and animations during pattern creation. Results from a user study (n = 496) show that applying such countermeasures can significantly increase pattern diversity. We conclude with implications for pattern choices and the design of enrollment processes. «
We present a similarity metric for Android unlock patterns to quantify the effective password space of user-defined gestures. Our metric is the first of its kind to reflect that users choose patterns based on human intuition and interest in geometric properties of the resulting shapes. Applying our metric to a dataset of 506 user-defined patterns reveals very similar shapes that only differ by simple geometric transformations such as rotation. This shrinks the effective password space by 66% and... »