A STUDY ON USABILITY AND SECURITY FEATURES OF THE ANDROID PATTERN LOCK SCREEN
(Akbar Raihan Maghribi / 1534010008)
Methodology
The work aims to reveal behavioural heuristic rules that might affect the formation of patterns in Android devices. The goal is to simulate the user authentication scheme and collect graphical passwords.
To this end, we developed an application (app) that was distributed through Google Play, Android's official app marketplace. The participants were allowed to draw the same pattern for the two categories. Finally, they selected the pattern they would prefer to use on their device.
Survey results and discussion
Of 388 unique participants, 68.6 percent were male and 25 percent were female, whereas 6.4 percent chose not to disclose their gender. A total of 35.8 percent of the respondents were aged between 25 and 39 years, 30.7 percent were between 16 and 24 years, 21.6 percent were aged under 16 years, 9.8 percent were between 40 and 64 years, and the remaining 2.1 percent were aged over 65 years.
The education of the sample is also diverse. A total of 21.1 percent of them were postgraduates, 18.3 percent were graduates, 19.6 percent were at high-school level, 11.9 percent placed themselves in higher levels of education (doctorate) and 29.1 percent replied using the choice “none”.
Regarding the use of lock screen mechanisms, 23.5 percent of the participants use the pattern lock scheme, which was the most popular lock screen mechanism in our sample.
Conclusion
Creating a graphical password is a process that involves visual stimuli, understanding of security and subconscious biases driven by the way we are used to acting in our daily lives. In this paper, we developed an Android app to conduct a survey that would collect sets of usable and secure patterns. We analysed the collected patterns to study the existence of heuristic rules that may affect the formation of such a graphical password. Subsequently, we used our findings in a case study to stress the importance of the balance between usability and security.
Training users to create more complex patterns by including knight moves, overlapping nodes and random starting points can avoid behavioural attacks such as the ones presented in this work.
Entropy is a measure used to describe the uncertainty in a random variable. As future work, we plan to compare our empirical results with entropic measures that are commonly used in information theory. Another direction of future research would be the creation of a password meter that warns users about the strength of a chosen graphical password.
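To make the features named in the conclusion concrete, the following added example (not code from the study or its app) counts knight moves and overlapping nodes in a pattern and computes the Shannon entropy of the starting node over a set of patterns. It assumes the 3x3 grid is numbered 0..8 row by row, that an "overlap" is a stroke crossing an already-visited node, and that patterns have 4 to 9 distinct nodes; the sample patterns are constructed.

```python
import math
from collections import Counter

def midpoint(a, b):
    """Node lying exactly between a and b on the 3x3 grid (0..8), else None."""
    ra, ca, rb, cb = a // 3, a % 3, b // 3, b % 3
    if (ra + rb) % 2 or (ca + cb) % 2:
        return None
    return ((ra + rb) // 2) * 3 + (ca + cb) // 2

def analyse(pattern):
    """Validate a pattern and count the features named in the conclusion."""
    if any(n not in range(9) for n in pattern):
        raise ValueError("nodes must be 0..8")
    if not 4 <= len(pattern) <= 9 or len(set(pattern)) != len(pattern):
        raise ValueError("pattern needs 4-9 distinct nodes")
    knight = overlaps = 0
    seen = {pattern[0]}
    for a, b in zip(pattern, pattern[1:]):
        dr, dc = abs(a // 3 - b // 3), abs(a % 3 - b % 3)
        if {dr, dc} == {1, 2}:          # chess-knight shaped stroke
            knight += 1
        mid = midpoint(a, b)
        if mid is not None:
            if mid not in seen:         # an unvisited node on the line cannot be skipped
                raise ValueError(f"stroke {a}->{b} skips unvisited node {mid}")
            overlaps += 1               # stroke crosses an already-used node
        seen.add(b)
    return {"start": pattern[0], "knight_moves": knight, "overlaps": overlaps}

def start_entropy(patterns):
    """Shannon entropy (bits) of the starting node over a set of patterns."""
    counts = Counter(p[0] for p in patterns)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

# Constructed sample patterns, not data from the study.
SAMPLE = [[0, 1, 2, 5, 8], [0, 3, 6, 7, 8], [0, 4, 8, 5, 2],
          [6, 3, 0, 1, 2], [1, 6, 5, 0, 7], [4, 0, 8, 1]]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, analyse(p))
    print(f"start-node entropy: {start_entropy(SAMPLE):.2f} of {math.log2(9):.2f} bits")
```

A sample in which half the patterns start at the top-left node yields well under the log2(9) bits of a uniformly random starting point, which is the kind of bias a strength meter could flag.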