A study on usability and security features of the Android pattern lock screen

Purpose – The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, th...

Full description

Saved in:
Bibliographic Details
Published inInformation and computer security Vol. 24; no. 1; pp. 53 - 72
Main Authors Andriotis, Panagiotis, Oikonomou, George, Mylonas, Alexios, Tryfonas, Theo
Format Journal Article
LanguageEnglish
Published Bingley Emerald Group Publishing Limited 14.03.2016
Subjects
Algorithms
Authentication
Case studies
Cybersecurity
Graphical representations
Handedness
Methods
Mobile communication systems
Operating systems
Passwords
Personal identification numbers
Security management
Smartphones
Symmetry
Universal Serial Bus
Usability
Online AccessGet full text

Cover

More Information
Summary:Purpose – The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern. Design/methodology/approach – The authors conducted a survey to study the users’ understanding of the security and usability of the pattern lock screen. The authors developed an Android application that collects graphical passwords, by simulating user authentication in a mobile device. This avoids any potential bias that is introduced when the survey participants are not interacting with a mobile device while forming graphical passwords (e.g. in Web or hard-copy surveys). Findings – The findings verify and enrich previous knowledge for graphical passwords, namely, that users mostly prefer usability than security. Using the survey results, the authors demonstrate how biased input impairs security by shrinking the available password space. Research limitations/implications – The sample’s demographics may affect our findings. Therefore, future work can focus on the replication of our work in a sample with different demographics. Originality/value – The authors define metrics that measure the usability of a pattern (handedness, directionality and symmetry) and investigate their impact to its formation. The authors propose a security assessment scheme using features in a pattern (e.g. the existence of knight moves or overlapping nodes) to evaluate its security strengths.
ISSN:2056-4961
2056-497X
DOI:10.1108/ICS-01-2015-0001