Nathan Malkin
Serge Egelman
Abstract
To prevent unauthorized access to their smartphones, users can enable a "lock screen," which may require entering a PIN or password, drawing a pattern, or providing a biometric. We present the results of two studies that together offer a detailed analysis of the smartphone locking mechanisms currently available to billions of smartphone users worldwide. An online survey (N=8,286), conducted in eight different countries, sheds light on people's reasons for choosing their screen lock method and demonstrates significant crosscultural differences in attitudes towards this subject. In a separate monthlong field study (N=134), we studied how existing lock screen mechanisms provide users with distinct tradeoffs between usability and security, identifying areas where both could be improved.
- Panagiotis Andriotis, Theo Tryfonas, and George Oikonomou. 2014. Complexity Metrics and User Strength Perceptions of the PatternLock Graphical Authentication Method. In Proceedings of the Second International Conference on Human Aspects of Information Security, Privacy, and Trust Volume 8533. Springer-Verlag New York, Inc., New York, NY, USA, 115--126. Google Scholar
Digital Library
- Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge Attacks on Smartphone Touch Screens. In Proceedings of the 4th USENIX Conference on Offensive Technologies (WOOT'10). USENIX Association, Berkeley, CA, USA, 1--7. http://dl.acm.org/citation.cfm?id=1925004.1925009 Google ScholarDigital Library
- Andrea Bianchi, Ian Oakley, Vassilis Kostakos, and Dong Soo Kwon. 2011. The Phone Lock: Audio and Haptic Shouldersurfing Resistant PIN Entry Methods for Mobile Devices. In Proceedings of the Fifth International Conference on Tangible, Embedded, and Embodied Interaction (TEI '11). ACM, New York, NY, USA, 197--200. Google ScholarDigital Library
- Joseph Bonneau, So en Preibusch, and Ross Anderson. 2012. A Birthday Present Every Eleven Wallets? The Security of CustomerChosen Banking PINs. In Financial Cryptography and Data Security, Angelos D. Keromytis (Ed.). Lecture Notes in Computer Science, Vol. 7397. Springer Berlin Heidelberg, 25--40.Google Scholar
- Alexander De Luca, Alina Hang, Frederik Brudy, Christian Lindner, and Heinrich Hussmann. 2012. Touch Me Once and I Know It's You!: Implicit Authentication Based on Touch Screen Patterns. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '12). ACM, New York, NY, USA, 987--996. Google ScholarDigital Library
- Serge Egelman, Sakshi Jain, Rebecca S. Portnoff, Kerwell Liao, Sunny Consolvo, and David Wagner. 2014. Are You Ready to Lock?. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS '14). ACM, New York, NY, USA, 750761. Google ScholarDigital Library
- Marian Harbach, Alexander De Luca, and Serge Egelman. 2016. The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI '16). ACM, New York, NY, USA, 48064817. Google ScholarDigital Library
- Marian Harbach, Alexander De Luca, Nathan Malkin, and Serge Egelman. 2016. Keep on Lockin' in the Free World: A MultiNational Comparison of Smartphone Locking. In Proceedings of the 2016 CHI Conference on Human Factors in Computing Systems (CHI '16). ACM, New York, NY, USA, 48234827. Google ScholarDigital Library
- Sung-Hwan Kim, Jong- Woo Kim, SeonYeong Kim, and Hwan- Gue Cho. 2011. A New Shouldersurfing Resistant Password for Mobile Environments. In Proceedings of the 5th International Conference on Ubiquitous Information Management and Communication (ICUIMC '11). ACM, New York, NY, USA, Article 27, 8 pages. Google ScholarDigital Library
- Anandatirtha Nandugudi, Anudipa Maiti, Taeyeon Ki, Fatih Bulut, Murat Demirbas, Tevfik Kosar, Chunming Qiao, Steven Y. Ko, and Geoffrey Challen. 2013. PhoneLab: A Large Programmable Smartphone Testbed. In Proceedings of First International Workshop on Sensing and Big Data Mining (SENSEMINE'13). ACM, New York, NY, USA, Article 4, 6 pages. Google ScholarDigital Library
- Tetsuji Takada and Yuki Kokubun. 2013. Extended PIN Authentication Scheme Allowing MultiTouch Key Input. In Proceedings of International Conference on Advances in Mobile Computing & Multimedia (MoMM '13). ACM, New York, NY, USA, Article 307, 4 pages. Google ScholarDigital Library
- Sebastian Uellenbeck, Markus Du muth, Christopher Wolf, and Thorsten Holz. 2013. Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS '13). ACM, New York, NY, USA, 161--172. Google ScholarDigital Library
- Emanuel von Zezschwitz, Alexander De Luca, Bruno Brunkow, and Heinrich Hussmann. 2015a. SwiPIN: Fast and Secure PINEntry on Smartphones. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, New York, NY, USA, 1403--1406. Google ScholarDigital Library
- Emanuel von Zezschwitz, Alexander De Luca, Philipp Janssen, and Heinrich Hussmann. 2015b. Easy to Draw, but Hard to Trace?: On the Observability of Gridbased (Un)Lock Patterns. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (CHI '15). ACM, New York, NY, USA, 2339--2342. Google ScholarDigital Library
- Nan Zheng, Kun Bai, Hai Huang, and Haining Wang. 2014. You Are How You Touch: User Verification on Smartphones via Tapping Behaviors. In Proceedings of the 2014 IEEE 22nd International Conference on Network Protocols (ICNP '14). IEEE Computer Society, Washington, DC, USA, 221--232. Google ScholarDigital Library
Recommendations
The Anatomy of Smartphone Unlocking: A Field Study of Android Lock Screens
CHI '16: Proceedings of the 2016 CHI Conference on Human Factors in Computing SystemsTo prevent unauthorized parties from accessing data stored on their smartphones, users have the option of enabling a "lock screen" that requires a secret code (e.g., PIN, drawing a pattern, or biometric) to gain access to their devices. We present a ...
Energy-efficient prediction of smartphone unlocking
We investigate the predictability of the next unlock event on smartphones, using machine learning and smartphone contextual data. In a 2-week field study with 27 participants, we demonstrate that it is possible to predict when the next unlock event will ...
Comments