On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks

Youngbae Song; Geumhwan Cho; Seongyeol Oh; Hyoungshick Kim; Jun Ho Huh

doi:10.1145/2702123.2702365

On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks

Youngbae Song
, Geumhwan Cho
, Seongyeol Oh
, Hyoungshick Kim
, Jun Ho Huh

Department of Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

43 Scopus citations

Abstract

We propose an effective pattern lock strength meter to help users choose stronger pattern locks on Android devices. To evaluate the effectiveness of the proposed meter with a real world dataset (i.e., with complete ecological validity), we created an Android application called EnCloud that allows users to encrypt their Dropbox files. 101 pattern locks generated by real EnCloud users were collected and analyzed, where some portion of the users were provided with the meter support. Our statistical analysis indicates that about 10% of the pattern locks that were generated without the meter support could be compromised through just 16 guessing attempts. As for the pattern locks that were generated with the meter support, that number goes up to 48 guessing attempts, showing significant improvement in security. Our recommendation is to implement a strength meter in the next version of Android.

Original language	English
Title of host publication	CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems
Subtitle of host publication	Crossings
Publisher	Association for Computing Machinery
Pages	2343-2352
Number of pages	10
ISBN (Electronic)	9781450331456
DOIs	https://doi.org/10.1145/2702123.2702365
State	Published - 18 Apr 2015
Event	33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015 - Seoul, Korea, Republic of Duration: 18 Apr 2015 → 23 Apr 2015

Publication series

Name	Conference on Human Factors in Computing Systems - Proceedings
Volume	2015-April

Conference

Conference	33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015
Country/Territory	Korea, Republic of
City	Seoul
Period	18/04/15 → 23/04/15

Keywords

Password
Password strength meter
Pattern lock
Security

Access to Document

10.1145/2702123.2702365

Cite this

Song, Y., Cho, G., Oh, S., Kim, H., & Huh, J. H. (2015). On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks. In CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings (pp. 2343-2352). (Conference on Human Factors in Computing Systems - Proceedings; Vol. 2015-April). Association for Computing Machinery. https://doi.org/10.1145/2702123.2702365

Song, Youngbae ; Cho, Geumhwan ; Oh, Seongyeol et al. / On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks. CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Association for Computing Machinery, 2015. pp. 2343-2352 (Conference on Human Factors in Computing Systems - Proceedings).

@inproceedings{45a38858a05540d098232261f39cc0d7,

title = "On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks",

abstract = "We propose an effective pattern lock strength meter to help users choose stronger pattern locks on Android devices. To evaluate the effectiveness of the proposed meter with a real world dataset (i.e., with complete ecological validity), we created an Android application called EnCloud that allows users to encrypt their Dropbox files. 101 pattern locks generated by real EnCloud users were collected and analyzed, where some portion of the users were provided with the meter support. Our statistical analysis indicates that about 10\% of the pattern locks that were generated without the meter support could be compromised through just 16 guessing attempts. As for the pattern locks that were generated with the meter support, that number goes up to 48 guessing attempts, showing significant improvement in security. Our recommendation is to implement a strength meter in the next version of Android.",

keywords = "Password, Password strength meter, Pattern lock, Security",

author = "Youngbae Song and Geumhwan Cho and Seongyeol Oh and Hyoungshick Kim and Huh, \{Jun Ho\}",

year = "2015",

month = apr,

day = "18",

doi = "10.1145/2702123.2702365",

language = "English",

series = "Conference on Human Factors in Computing Systems - Proceedings",

publisher = "Association for Computing Machinery",

pages = "2343--2352",

booktitle = "CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems",

}

Song, Y, Cho, G, Oh, S, Kim, H & Huh, JH 2015, On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks. in CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Conference on Human Factors in Computing Systems - Proceedings, vol. 2015-April, Association for Computing Machinery, pp. 2343-2352, 33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015, Seoul, Korea, Republic of, 18/04/15. https://doi.org/10.1145/2702123.2702365

On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks. / Song, Youngbae; Cho, Geumhwan; Oh, Seongyeol et al.
CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Association for Computing Machinery, 2015. p. 2343-2352 (Conference on Human Factors in Computing Systems - Proceedings; Vol. 2015-April).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks

AU - Song, Youngbae

AU - Cho, Geumhwan

AU - Oh, Seongyeol

AU - Kim, Hyoungshick

AU - Huh, Jun Ho

PY - 2015/4/18

Y1 - 2015/4/18

N2 - We propose an effective pattern lock strength meter to help users choose stronger pattern locks on Android devices. To evaluate the effectiveness of the proposed meter with a real world dataset (i.e., with complete ecological validity), we created an Android application called EnCloud that allows users to encrypt their Dropbox files. 101 pattern locks generated by real EnCloud users were collected and analyzed, where some portion of the users were provided with the meter support. Our statistical analysis indicates that about 10% of the pattern locks that were generated without the meter support could be compromised through just 16 guessing attempts. As for the pattern locks that were generated with the meter support, that number goes up to 48 guessing attempts, showing significant improvement in security. Our recommendation is to implement a strength meter in the next version of Android.

AB - We propose an effective pattern lock strength meter to help users choose stronger pattern locks on Android devices. To evaluate the effectiveness of the proposed meter with a real world dataset (i.e., with complete ecological validity), we created an Android application called EnCloud that allows users to encrypt their Dropbox files. 101 pattern locks generated by real EnCloud users were collected and analyzed, where some portion of the users were provided with the meter support. Our statistical analysis indicates that about 10% of the pattern locks that were generated without the meter support could be compromised through just 16 guessing attempts. As for the pattern locks that were generated with the meter support, that number goes up to 48 guessing attempts, showing significant improvement in security. Our recommendation is to implement a strength meter in the next version of Android.

KW - Password

KW - Password strength meter

KW - Pattern lock

KW - Security

UR - https://www.scopus.com/pages/publications/84951079981

U2 - 10.1145/2702123.2702365

DO - 10.1145/2702123.2702365

M3 - Conference contribution

AN - SCOPUS:84951079981

T3 - Conference on Human Factors in Computing Systems - Proceedings

SP - 2343

EP - 2352

BT - CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems

PB - Association for Computing Machinery

T2 - 33rd Annual CHI Conference on Human Factors in Computing Systems, CHI 2015

Y2 - 18 April 2015 through 23 April 2015

ER -

Song Y, Cho G, Oh S, Kim H, Huh JH. On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks. In CHI 2015 - Proceedings of the 33rd Annual CHI Conference on Human Factors in Computing Systems: Crossings. Association for Computing Machinery. 2015. p. 2343-2352. (Conference on Human Factors in Computing Systems - Proceedings). doi: 10.1145/2702123.2702365

On the effectiveness of pattern lock strength meters- Measuring the strength of real world pattern locks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this