von Zezschwitz, Emanuel; Eiband, Malin; Buschek, Daniel; Oberhuber, Sascha; De Luca, Alexander; Alt, Florian; Hussmann, Heinrich
Dokumenttyp:
Konferenzbeitrag / Conference Paper
Titel:
On Quantifying the Effective Password Space of Grid-based Unlock Gestures
Titel Konferenzpublikation:
MUM '16
Untertitel Konferenzpublikation:
Proceedings of the 15th International Conference on Mobile and Ubiquitous Multimedia
Konferenztitel:
International Conference on Mobile and Ubiquitous Multimedia (15., 2016, Rovaniemi)
Tagungsort:
Rovaniemi, Finland
Jahr der Konferenz:
2016
Datum Beginn der Konferenz:
12.12.2016
Datum Ende der Konferenz:
15.12.2016
Verlagsort:
New York, NY, USA
Verlag:
ACM
Jahr:
2016
Seiten von - bis:
201-212
Sprache:
Englisch
Stichwörter:
metric ; password space ; security ; similarity ; unlock pattern ; user selection
Abstract:
We present a similarity metric for Android unlock patterns to quantify the effective password space of user-defined gestures. Our metric is the first of its kind to reflect that users choose patterns based on human intuition and interest in geometric properties of the resulting shapes. Applying our metric to a dataset of 506 user-defined patterns reveals very similar shapes that only differ by simple geometric transformations such as rotation. This shrinks the effective password space by 66% and allows informed guessing attacks. Consequently, we present an approach to subtly nudge users to create more diverse patterns by showing background images and animations during pattern creation. Results from a user study (n = 496) show that applying such countermeasures can significantly increase pattern diversity. We conclude with implications for pattern choices and the design of enrollment processes. «
We present a similarity metric for Android unlock patterns to quantify the effective password space of user-defined gestures. Our metric is the first of its kind to reflect that users choose patterns based on human intuition and interest in geometric properties of the resulting shapes. Applying our metric to a dataset of 506 user-defined patterns reveals very similar shapes that only differ by simple geometric transformations such as rotation. This shrinks the effective password space by 66% and... »