Use the Force: Evaluating Force-sensitive Authentication for Mobile Devices

Krombholz, Katharina and Hupperich, Thomas and Holz, Thorsten
(2016) Use the Force: Evaluating Force-sensitive Authentication for Mobile Devices.
In: Symposium on Usable Privacy and Security (SOUPS) 2016.

[img]
Preview
 Text
soups2016-paper-krombholz.pdf
Download (764kB) | Preview

Abstract

Modern, off-the-shelf smartphones provide a rich set of possible touchscreen interactions, but knowledge-based authentication schemes still rely on simple digit or character input. Previous studies examined the shortcomings of such schemes based on unlock patterns, PINs, and passcodes. In this paper, we propose to integrate pressure-sensitive touchscreen interactions into knowledge-based authentication schemes. By adding a (practically) invisible, pressuresensitive component, users can select stronger PINs that are harder to observe for a shoulder surfer. We conducted a within-subjects design lab study (n = 50) to compare our approach termed force-PINs with standard four-digit and six-digit PINs regarding their usability performance and a comprehensive security evaluation. In addition, we conducted a field study that demonstrated lower authentication overhead. Finally, we found that force-PINs let users select higher entropy PINs that are more resilient to shoulder surfing attacks with minimal impact on the usability performance.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Katharina Krombholz (Human-Oriented Security, HOS)
Depositing User: Katharina Krombholz
Date Deposited: 26 Feb 2019 13:31
Last Modified: 18 Jul 2019 12:12
Primary Research Area: NRA5: Empirical & Behavioral Security
URI: https://publications.cispa.saarland/id/eprint/2810

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.