Composition policies for gesture passwords: User choice, security, usability and memorability
Loading...
Access rights
openAccess
acceptedVersion
URL
Journal Title
Journal ISSN
Volume Title
A4 Artikkeli konferenssijulkaisussa
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Date
2017
Major/Subject
Mcode
Degree programme
Language
en
Pages
9
Series
2017 IEEE Conference on Communications and Network Security (CNS), IEEE Conference on Communications and Network Security
Abstract
Research on gesture passwords suggest they are highly usable and secure, leading them to be proposed as a strong alternative authentication method for touchscreen devices. However, studies demonstrate that user-chosen gesture passwords are biased towards familiar symbols, increasing the risk of guessing. Prior work on gesture elicitation focuses on creating sets with high overlap, but gesture passwords require solving an inverse problem: minimal overlap between different users. We present the results of the first study (N = 128) of composition policies for gesture passwords, wherein we compare four policies derived from unique properties of gesture passwords. Our main result is that implementing a policy changes user choice, security, usability, and memorability compared to a control group and that the strength of those changes depend on the policies. We report trade-offs among the instruction policies while showing that simple policies cause users to choose stronger and diverse gesture passwords.Description
Keywords
Other note
Citation
Clark, G, Lindqvist, J & Oulasvirta, A 2017, Composition policies for gesture passwords: User choice, security, usability and memorability . in 2017 IEEE Conference on Communications and Network Security (CNS) . IEEE Conference on Communications and Network Security, IEEE, IEEE Conference on Communications and Network Security, Las Vegas, Nevada, United States, 09/10/2017 . https://doi.org/10.1109/CNS.2017.8228644