MagAuth: Secure and Usable Two-Factor Authentication With Magnetic Wrist Wearables

Abstract

Secure and usable user authentication is the first line of defense against cyber attacks on smart end-user devices. Advanced hacking techniques pose severe threats to the traditional authentication systems based on the password/PIN/fingerprint. We propose MagAuth, a secure and usable two-factor authentication scheme with commercial off-the-shelf (COTS) wrist wearables with magnetic strap bands to enhance the security and usability of password-based authentication for mobile touchscreen devices. In MagAuth, a user enrolls a self-chosen unlock pattern or touch gesture into his touchscreen device by performing it with the same hand the magnetic wrist wearable is on. The chosen unlock pattern or touch gesture serves as the first authentication factor, and the user’s behavioral features manifested in the magnetic field changes during his finger movement correspond to the second factor. The user can unlock his touchscreen device only when both authentication factors can be validated. Comprehensive user experiments confirm the high security and usability of MagAuth. In particular, MagAuth achieves an average true-positive rate up to 96.3 percent and a false-positive rate no larger than 8.4 percent. Moreover, we show that MagAuth is highly resilient to various attacks.