Composition policies for gesture passwords: User choice, security, usability and memorability

Gradeigh Clark; Janne Lindqvist; Antti Oulasvirta

doi:10.1109/CNS.2017.8228644

Composition policies for gesture passwords: User choice, security, usability and memorability

Gradeigh Clark, Janne Lindqvist, Antti Oulasvirta

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

135 Downloads (Pure)

Abstract

Research on gesture passwords suggest they are highly usable and secure, leading them to be proposed as a strong alternative authentication method for touchscreen devices. However, studies demonstrate that user-chosen gesture passwords are biased towards familiar symbols, increasing the risk of guessing. Prior work on gesture elicitation focuses on creating sets with high overlap, but gesture passwords require solving an inverse problem: minimal overlap between different users. We present the results of the first study (N = 128) of composition policies for gesture passwords, wherein we compare four policies derived from unique properties of gesture passwords. Our main result is that implementing a policy changes user choice, security, usability, and memorability compared to a control group and that the strength of those changes depend on the policies. We report trade-offs among the instruction policies while showing that simple policies cause users to choose stronger and diverse gesture passwords.

Original language	English
Title of host publication	2017 IEEE Conference on Communications and Network Security (CNS)
Publisher	IEEE
Number of pages	9
ISBN (Electronic)	978-1-5386-0683-4
ISBN (Print)	978-1-5386-0684-1
DOIs	https://doi.org/10.1109/CNS.2017.8228644
Publication status	Published - 2017
MoE publication type	A4 Article in a conference publication
Event	IEEE Conference on Communications and Network Security - Las Vegas, United States Duration: 9 Oct 2017 → 11 Oct 2017

Publication series

Name	IEEE Conference on Communications and Network Security
ISSN (Print)	2474-025X

Conference

Conference	IEEE Conference on Communications and Network Security
Abbreviated title	CNS
Country	United States
City	Las Vegas
Period	09/10/2017 → 11/10/2017

Access to Document

10.1109/CNS.2017.8228644

oulasvirta-et-al-CNS17-gesturepoliciesAccepted author manuscript, 214 KB

Fingerprint Dive into the research topics of 'Composition policies for gesture passwords: User choice, security, usability and memorability'. Together they form a unique fingerprint.

Cite this

@inproceedings{0b2356c6c1814f348eb37ad35101f8d1,

title = "Composition policies for gesture passwords: User choice, security, usability and memorability",

abstract = "Research on gesture passwords suggest they are highly usable and secure, leading them to be proposed as a strong alternative authentication method for touchscreen devices. However, studies demonstrate that user-chosen gesture passwords are biased towards familiar symbols, increasing the risk of guessing. Prior work on gesture elicitation focuses on creating sets with high overlap, but gesture passwords require solving an inverse problem: minimal overlap between different users. We present the results of the first study (N = 128) of composition policies for gesture passwords, wherein we compare four policies derived from unique properties of gesture passwords. Our main result is that implementing a policy changes user choice, security, usability, and memorability compared to a control group and that the strength of those changes depend on the policies. We report trade-offs among the instruction policies while showing that simple policies cause users to choose stronger and diverse gesture passwords.",

author = "Gradeigh Clark and Janne Lindqvist and Antti Oulasvirta",

year = "2017",

doi = "10.1109/CNS.2017.8228644",

language = "English",

isbn = "978-1-5386-0684-1",

series = "IEEE Conference on Communications and Network Security",

publisher = "IEEE",

booktitle = "2017 IEEE Conference on Communications and Network Security (CNS)",

address = "United States",

note = "IEEE Conference on Communications and Network Security, CNS ; Conference date: 09-10-2017 Through 11-10-2017",

}

Clark, G, Lindqvist, J & Oulasvirta, A 2017, Composition policies for gesture passwords: User choice, security, usability and memorability. in 2017 IEEE Conference on Communications and Network Security (CNS). IEEE Conference on Communications and Network Security, IEEE, IEEE Conference on Communications and Network Security, Las Vegas, United States, 09/10/2017. https://doi.org/10.1109/CNS.2017.8228644

Composition policies for gesture passwords: User choice, security, usability and memorability. / Clark, Gradeigh; Lindqvist, Janne ; Oulasvirta, Antti.

2017 IEEE Conference on Communications and Network Security (CNS). IEEE, 2017. (IEEE Conference on Communications and Network Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Composition policies for gesture passwords: User choice, security, usability and memorability

AU - Clark, Gradeigh

AU - Lindqvist, Janne

AU - Oulasvirta, Antti

PY - 2017

Y1 - 2017

N2 - Research on gesture passwords suggest they are highly usable and secure, leading them to be proposed as a strong alternative authentication method for touchscreen devices. However, studies demonstrate that user-chosen gesture passwords are biased towards familiar symbols, increasing the risk of guessing. Prior work on gesture elicitation focuses on creating sets with high overlap, but gesture passwords require solving an inverse problem: minimal overlap between different users. We present the results of the first study (N = 128) of composition policies for gesture passwords, wherein we compare four policies derived from unique properties of gesture passwords. Our main result is that implementing a policy changes user choice, security, usability, and memorability compared to a control group and that the strength of those changes depend on the policies. We report trade-offs among the instruction policies while showing that simple policies cause users to choose stronger and diverse gesture passwords.

AB - Research on gesture passwords suggest they are highly usable and secure, leading them to be proposed as a strong alternative authentication method for touchscreen devices. However, studies demonstrate that user-chosen gesture passwords are biased towards familiar symbols, increasing the risk of guessing. Prior work on gesture elicitation focuses on creating sets with high overlap, but gesture passwords require solving an inverse problem: minimal overlap between different users. We present the results of the first study (N = 128) of composition policies for gesture passwords, wherein we compare four policies derived from unique properties of gesture passwords. Our main result is that implementing a policy changes user choice, security, usability, and memorability compared to a control group and that the strength of those changes depend on the policies. We report trade-offs among the instruction policies while showing that simple policies cause users to choose stronger and diverse gesture passwords.

U2 - 10.1109/CNS.2017.8228644

DO - 10.1109/CNS.2017.8228644

M3 - Conference contribution

SN - 978-1-5386-0684-1

T3 - IEEE Conference on Communications and Network Security

BT - 2017 IEEE Conference on Communications and Network Security (CNS)

PB - IEEE

T2 - IEEE Conference on Communications and Network Security

Y2 - 9 October 2017 through 11 October 2017

ER -