Entering a password on a mobile phone requires more effort than entering it on a PC keyboard, especially when using capital letters, digits, and special characters that are considered important for strong passwords. In this study, we examine how these factors affect the construction of passwords on input-constrained devices such as mobile phones. We conducted a between-group experiment with 72 students from the University of Texas at Arlington (UTA), in which we asked the participants to construct new passwords using PC keyboards and mobile phones with different keypad layouts. Passwords constructed by using PC keyboards were stronger than those constructed by touchscreen keypads. Surprisingly, passwords that were constructed by mobile phones with physical keyboards were stronger than those constructed by PC keyboards. We also designed a custom layout for the touchscreen keypad that offers a more convenient method of typing digits and some special characters. Our results show that this custom layout helped the participants to construct stronger passwords on mobile phones. To address an alternative explanation for better performance of the physical keyboard and custom layout groups, we designed a second experiment by removing the potential bias effects of the first experiment. The results of this within-group experiment confirm that if users are presented with a more convenient method of entering digits and special characters on mobile handsets, they take advantage of it to construct stronger passwords. The results also supplement our finding regarding password construction and user engagement from the first experiment and highlight an important design consideration about password construction pages for mobile versions of websites.
[1]
Daniel J. Wigdor,et al.
A comparison of consecutive and concurrent input text entry techniques for mobile phones
,
2004,
CHI.
[2]
Lujo Bauer,et al.
Of passwords and people: measuring the effect of password-composition policies
,
2011,
CHI.
[3]
Shumin Zhai,et al.
Smart phone use by non-mobile business users
,
2011,
Mobile HCI.
[4]
M. Jakobsson.
Rethinking Passwords to Adapt to Constrained Keyboards
,
2011
.
[5]
高田哲司,et al.
"Exploring the Design Space of Graphical Passwords on Smartphones"の紹介
,
2013
.
[6]
Harrison Si,et al.
Handbook of Research Methods in Social and Personality Psychology: Author Index
,
2013
.
[7]
Stephen A. Brewster,et al.
Pressure-based text entry for mobile devices
,
2009,
Mobile HCI.
[8]
Markus Jakobsson,et al.
Implicit authentication for mobile devices
,
2009
.
[9]
Thad Starner,et al.
A model of two-thumb chording on a phone keypad
,
2009,
Mobile HCI.
[10]
Sudhir Aggarwal,et al.
Testing metrics for password creation policies by attacking large sets of revealed passwords
,
2010,
CCS '10.
[11]
Sonia Chiasson,et al.
Improving user authentication on mobile devices: a touchscreen graphical password
,
2013,
MobileHCI '13.
[12]
M. Brewer,et al.
Research Design and Issues of Validity
,
2000
.
[13]
Arthur F. Kramer,et al.
A multilevel input system with force-sensitive elements
,
2001,
Int. J. Hum. Comput. Stud..