TY - GEN
T1 - Composition policies for gesture passwords
T2 - 2017 IEEE Conference on Communications and Network Security, CNS 2017
AU - Clark, Gradeigh D.
AU - Lindqvist, Janne
AU - Oulasvirta, Antti
N1 - Funding Information:
This material is based upon work supported by the National Science Foundation under Grant Numbers 1228777 and 1541069. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation. Gradeigh D. Clark was supported by the Department of Defense (DoD) through the National Defense Science & Engineering Graduate Fellowship (NDSEG) Program.
PY - 2017/12/19
Y1 - 2017/12/19
N2 - Research on gesture passwords suggest they are highly usable and secure, leading them to be proposed as a strong alternative authentication method for touchscreen devices. However, studies demonstrate that user-chosen gesture passwords are biased towards familiar symbols, increasing the risk of guessing. Prior work on gesture elicitation focuses on creating sets with high overlap, but gesture passwords require solving an inverse problem: Minimal overlap between different users. We present the results of the first study (N = 128) of composition policies for gesture passwords, wherein we compare four policies derived from unique properties of gesture passwords. Our main result is that implementing a policy changes user choice, security, usability, and memorability compared to a control group and that the strength of those changes depend on the policies. We report trade-offs among the instruction policies while showing that simple policies cause users to choose stronger and diverse gesture passwords.
AB - Research on gesture passwords suggest they are highly usable and secure, leading them to be proposed as a strong alternative authentication method for touchscreen devices. However, studies demonstrate that user-chosen gesture passwords are biased towards familiar symbols, increasing the risk of guessing. Prior work on gesture elicitation focuses on creating sets with high overlap, but gesture passwords require solving an inverse problem: Minimal overlap between different users. We present the results of the first study (N = 128) of composition policies for gesture passwords, wherein we compare four policies derived from unique properties of gesture passwords. Our main result is that implementing a policy changes user choice, security, usability, and memorability compared to a control group and that the strength of those changes depend on the policies. We report trade-offs among the instruction policies while showing that simple policies cause users to choose stronger and diverse gesture passwords.
UR - http://www.scopus.com/inward/record.url?scp=85030837565&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85030837565&partnerID=8YFLogxK
U2 - 10.1109/CNS.2017.8228644
DO - 10.1109/CNS.2017.8228644
M3 - Conference contribution
AN - SCOPUS:85030837565
T3 - 2017 IEEE Conference on Communications and Network Security, CNS 2017
SP - 1
EP - 9
BT - 2017 IEEE Conference on Communications and Network Security, CNS 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 9 October 2017 through 11 October 2017
ER -