Usability and shoulder surfing vulnerability of pattern passwords on mobile devices using camouflage patterns

Abstract

With the revolution of smart devices that have become the basis of our daily lives, the majority of users rely on them to save their personal and sensitive information. As a result, users are increasingly interested in authentication processes, which is a challenge for designers to provide a secure and usable authentication process. The pattern password is one of the most selected authentication methods, since the recent development in alternative authentication interfaces for smart phones, tablets and touch screens laptops. Although drawing a pattern seems easier than typing a password, it has a major security drawback which is the shoulder-surfing attack. Therefore, this paper proposes a shoulder-surfing resistance approach for mobile devices using Camouflage Patterns method which allows choosing a very short password, while insuring that the password remains hidden amongst a large number of nodes draws. Based on this approach, three techniques are introduced and implemented using an Android platform. An experimental study is conducted for evaluating the security and usability aspects. The results showed that the proposed approach is reasonably resistant against shoulder-surfing attacks and usable for users. Accordingly, this approach is recommended for designers in order to provide very simple and yet very complicated passwords, to be observed by the attacker, at the same time.