Skip to main content

Research Repository

Advanced Search

A study on usability and security features of the Android pattern lock screen

Andriotis, Panagiotis; Oikonomou, George; Mylonas, Alexios; Tryfonas, Theo

Authors

Profile Image

Dr Panos Andriotis Panagiotis.Andriotis@uwe.ac.uk
Senior Lecturer in Computer Forensics and Security

George Oikonomou

Alexios Mylonas

Theo Tryfonas



Abstract

© Emerald Group Publishing Limited. Purpose: - The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surffing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern. Design/methodology/approach: - The authors conducted a survey to study the users' understanding of the security and usability of the pattern lock screen. The authors developed an Android application that collects graphical passwords, by simulating user authentication in a mobile device. This avoids any potential bias that is introduced when the survey participants are not interacting with a mobile device while forming graphical passwords (e.g. in Web or hard-copy surveys). Findings: - The findings verify and enrich previous knowledge for graphical passwords, namely, that users mostly prefer usability than security. Using the survey results, the authors demonstrate how biased input impairs security by shrinking the available password space. Research limitations/implications: - The sample's demographics may affect our findings. Therefore, future work can focus onthe replication of our work in a sample with different demographics. Originality/value: - The authors define metrics that measure the usability of a pattern (handedness, directionality and symmetry) and investigate their impact to its formation. The authors propose a security assessment scheme using features in a pattern (e.g. the existence of knight moves or overlapping nodes) to evaluate its security strengths.

Citation

Andriotis, P., Oikonomou, G., Mylonas, A., & Tryfonas, T. (2016). A study on usability and security features of the Android pattern lock screen. Information and Computer Security, 24(1), 53-72. https://doi.org/10.1108/ICS-01-2015-0001

Journal Article Type Article
Acceptance Date Jun 23, 2015
Publication Date Mar 14, 2016
Journal Information and Computer Security
Print ISSN 2056-4961
Electronic ISSN 2056-4961
Publisher Emerald
Peer Reviewed Peer Reviewed
Volume 24
Issue 1
Pages 53-72
DOI https://doi.org/10.1108/ICS-01-2015-0001
Keywords vulnerability, authentication, user, pattern, graphical password
Public URL https://uwe-repository.worktribe.com/output/916393
Publisher URL http://dx.doi.org/10.1108/ICS-01-2015-0001