User-Generated Free-Form Gestures for Authentication: Security and Memorability
نویسندگان
چکیده
This paper studies the security and memorability of free-form multitouch gestures for mobile authentication. Towards this end, we collected a dataset with a generate-test-retest paradigm where participants (N=63) generated free-form gestures, repeated them, and were later retested for memory. Half of the participants decided to generate one-finger gestures, and the other half generated multi-finger gestures. Although there has been recent work on template-based gestures, there are yet no metrics to analyze security of either template or freeform gestures. For example, entropy-based metrics used for text-based passwords are not suitable for capturing the security and memorability of free-form gestures. Hence, we modify a recently proposed metric for analyzing information capacity of continuous full-body movements for this purpose. Our metric computed estimated mutual information in repeated sets of gestures. Surprisingly, one-finger gestures had higher average mutual information. Gestures with many hard angles and turns had the highest mutual information. The best-remembered gestures included signatures and simple angular shapes. We also implemented a multitouch recognizer to evaluate the practicality of free-form gestures in a real authentication system and how they perform against shoulder surfing attacks. We discuss strategies for generating secure and memorable free-form gestures. We conclude that free-form gestures present a robust method for mobile authentication. Full bibliographical citation: Michael Sherman, Gradeigh Clark, Yulong Yang, Shridatt Sugrim, Arttu Modig, Janne Lindqvist, Antti Oulasvirta, and Teemu Roos. 2014. User-generated free-form gestures for authentication: security and memorability. In Proceedings of the 12th annual international conference on Mobile systems, applications, and services (MobiSys '14). ACM, New York, NY, USA, 176-189. DOI=10.1145/2594368.2594375 http://doi.acm.org/10.1145/2594368.2594375 Full paper available at: http://www.winlab.rutgers.edu/~janne/mobisys14gesturesecurity.pdf
منابع مشابه
Enhanced User Graphical Password Authentication with an Usability and Memorability
Authentication is the process to provide guaranteed information security and the graphical password authentication method is a convenient and easy process to provide authentication. The major problem of user registration, mostly text base password, is well known. If the login user be inclined to select a simple password which is frequently in his mind it becomes straightforward for attackers to...
متن کاملTwo Studies on Password Memorability and Perception
Creating and remembering strong passwords is essential to ensure overall system security. This paper presents two studies that evaluate acronym based passwords and system generated passwords in terms of memorability and user perception. Keywords—Password Security, Authentication, Human Factors
متن کاملOn the Memorability of System-generated PINs: Can Chunking Help?
To ensure that users do not choose weak personal identification numbers (PINs), many banks give out system-generated PINs, using computers to generate random PINs. 4-digit is the most commonly used PIN length, but 6-digit system-generated PINs are also becoming popular. The increased security we get from using system-generated PINs, however, comes at the cost of memorability. And while banks ar...
متن کاملMemorability of Pre-designed & User-defined Gesture Sets
We studied the memorability of free-form gesture sets for invoking actions. We compared three types of gesture sets: user-defined gesture sets, gesture sets designed by the authors, and random gesture sets in three studies with 33 participants in total. We found that user-defined gestures are easier to remember, both immediately after creation and on the next day (up to a 24% difference in reca...
متن کاملExploring the Use of Discrete Gestures for Authentication
Research in user authentication has been a growing field in HCI. Previous studies have shown that peoples’ graphical memory can be used to increase password memorability. On the other hand, with the increasing number of devices with built-in motion sensors, kinesthetic memory (or muscle memory) can also be exploited for authentication. This paper presents a novel knowledge-based authentication ...
متن کامل