论文信息 - Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)lock Patterns

Easy to Draw, but Hard to Trace?: On the Observability of Grid-based (Un)lock Patterns

We performed a systematic evaluation of the shoulder surfing susceptibility of the Android pattern (un)lock. The results of an online study (n=298) enabled us to quantify the influence of pattern length, line visibility, number of knight moves, number of overlaps and number of intersections on observation resistance. The results show that all parameters have a highly significant influence, with line visibility and pattern length being most important. We discuss implications for real-world patterns and present a linear regression model that can predict the observability of a given pattern. The model can be used to provide proactive security measurements for (un)lock patterns, in analogy to password meters.

[1] Alexander De Luca,et al. It's a Hard Lock Life: A Field Study of Smartphone (Un)Locking Behavior and Risk Perception , 2014, SOUPS.

[2] Alexander De Luca,et al. Patterns in the wild: a field study of the usability of pattern and pin-based authentication on mobile devices , 2013, MobileHCI '13.

[3] Theodore Tryfonas,et al. Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method , 2014, HCI.

[4] David Griffiths,et al. Shoulder surfing defence for recall-based graphical passwords , 2011, SOUPS.

[5] Vassilis-Javed Khan,et al. Picassopass: a password scheme using a dynamically layered combination of graphical elements , 2013, CHI Extended Abstracts.

[6] Michael K. Reiter,et al. The Design and Analysis of Graphical Passwords , 1999, USENIX Security Symposium.

[7] Markus Dürmuth,et al. Quantifying the security of graphical passwords: the case of android unlock patterns , 2013, CCS.

[8] Heinrich Hußmann,et al. Touch me once and i know it's you!: implicit authentication based on touch screen patterns , 2012, CHI.

[9] J. V. Khan,et al. Dynamic layering graphical elements for graphical password schemes: creating the difference , 2014 .

[10] Adam J. Aviv,et al. Smudge Attacks on Smartphone Touch Screens , 2010, WOOT.