TIM: Secure and usable authentication for smartphones

Abstract

With the widespread popularity of smartphones and mobile applications, they have gradually penetrated and are widely used in our daily lives, e.g., we use them for online shopping and mobile banking. This has led to an increased demand for securing data processed and stored by smartphones. User authentication is an entry guard for ensuring secure access to smartphones, which aims at verifying a user’s identity. Typically, such a method is text-based authentication. However, the existing text-based authentication solutions bring in the trade-off issue between security and usability. The main reason is short text-based passwords are easy to remember but not secure enough as they are vulnerable to password guessing or shoulder surfing attacks. In contrast, long text-based passwords can ensure security, but they raise usability issues due to the difficulty of memorising, recalling, and inputting passwords. Moreover, the graphical password solutions suffer from shoulder surfing attacks.In this article, we propose an image-based authentication solution for smartphone users to reduce the risk of mounting a shoulder surfing attack. The proposed solution requires users to select and move predefined images to the designated position for passing the authentication check. In a laboratory experiment with 62 participants, we asked them to test the robustness of TIM to resist the existing attacks, and compare the usability with other image-based solutions. An analysis of collected results indicates that the proposed solution can resist password guessing and shoulder surfing attacks. Consequently, more than 85% of participants believed that the proposed solution could mitigate both password guessing and shoulder surfing attacks. Further, 71% of participants think that TIM is more usable compared to the existing solutions. While 50% of them preferred to choose TIM, more than 50% of participants claim that the learning curve of TIM is very short and the configuration is easy.