Abstract

We investigate improvements to authentication on mobile touchscreen phones and present a novel extension to the widely used touchscreen pattern lock mechanism. Our solution allows nodes in the grid to be included multiple times, which enhances resilience to smudge and other forms of attack. For example, for a smudge pattern covering 7 nodes, our approach increases the number of possible lock patterns by a factor of 15. Our concept was implemented and evaluated in a laboratory user test (n=36). The test participants found the usability of the proposed concept to be equal to that of the baseline pattern lock mechanism but considered it more secure. Our solution is fully backwards-compatible with the current baseline pattern lock mechanism, hence enabling easy adoption whilst providing higher security at a comparable level of usability.

Highlights

  • For an authentication mechanism, the balance between ease of use and security is a critical factor determining its suitability for a particular application

  • This paper focuses on lock mechanisms for mobile devices, specifically touchscreen smartphones

  • By enabling node duplication in lock patterns, we address the susceptibility to smudge and shoulder surfing attacks, which has been reported as one of the core security problems of the basic pattern lock mechanism


Summary

Introduction

For an authentication mechanism, the balance between ease of use and security is a critical factor determining its suitability for a particular application. Smartphones hold a large amount of private information, from personal photographs to text messages, email, social media, and possible access to the user’s finances. Even considering that physical access to the device is needed to operate the device lock mechanism, and ignoring remote vulnerabilities, the need for a secure lock mechanism is clear. This paper focuses on lock mechanisms for mobile devices, specifically touchscreen smartphones. Research in the domain of usable security in general [1] acknowledges that there is a tension between security, user needs, and acceptance of these mechanisms, and suggests design guidelines. One recommendation is to use the “path of least resistance,” that is, to match the most comfortable way to do tasks
