Composition policies for gesture passwords: User choice, security, usability and memorability

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

222 Downloads (Pure)

Abstract

Research on gesture passwords suggest they are highly usable and secure, leading them to be proposed as a strong alternative authentication method for touchscreen devices. However, studies demonstrate that user-chosen gesture passwords are biased towards familiar symbols, increasing the risk of guessing. Prior work on gesture elicitation focuses on creating sets with high overlap, but gesture passwords require solving an inverse problem: minimal overlap between different users. We present the results of the first study (N = 128) of composition policies for gesture passwords, wherein we compare four policies derived from unique properties of gesture passwords. Our main result is that implementing a policy changes user choice, security, usability, and memorability compared to a control group and that the strength of those changes depend on the policies. We report trade-offs among the instruction policies while showing that simple policies cause users to choose stronger and diverse gesture passwords.
Original languageEnglish
Title of host publication2017 IEEE Conference on Communications and Network Security (CNS)
PublisherIEEE
Number of pages9
ISBN (Electronic)978-1-5386-0683-4
ISBN (Print)978-1-5386-0684-1
DOIs
Publication statusPublished - 2017
MoE publication typeA4 Conference publication
EventIEEE Conference on Communications and Network Security - Las Vegas, United States
Duration: 9 Oct 201711 Oct 2017

Publication series

NameIEEE Conference on Communications and Network Security
ISSN (Print)2474-025X

Conference

ConferenceIEEE Conference on Communications and Network Security
Abbreviated titleCNS
Country/TerritoryUnited States
CityLas Vegas
Period09/10/201711/10/2017

Fingerprint

Dive into the research topics of 'Composition policies for gesture passwords: User choice, security, usability and memorability'. Together they form a unique fingerprint.

Cite this