Communications of the ACM
A PIN-entry method resilient against shoulder surfing
Proceedings of the 11th ACM conference on Computer and communications security
PassPoints: design and longitudinal evaluation of a graphical password system
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Design and evaluation of a shoulder-surfing resistant graphical password scheme
Proceedings of the working conference on Advanced visual interfaces
The design and analysis of graphical passwords
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Vibrapass: secure authentication based on shared lies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Can i borrow your phone?: understanding concerns when sharing mobile phones
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
VIP: a visual approach to user authentication
Proceedings of the Working Conference on Advanced Visual Interfaces
Visual passwords: cure-all or snake-oil?
Communications of the ACM - Finding the Fun in Computer Science Education
The secure haptic keypad: a tactile password system
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Smudge attacks on smartphone touch screens
WOOT'10 Proceedings of the 4th USENIX conference on Offensive technologies
The phone lock: audio and haptic shoulder-surfing resistant PIN entry methods for mobile devices
Proceedings of the fifth international conference on Tangible, embedded, and embodied interaction
Oily Residuals Security Threat on Smart Phones
RVSP '11 Proceedings of the 2011 First International Conference on Robot, Vision and Signal Processing
Touch me once and i know it's you!: implicit authentication based on touch screen patterns
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
PointPose: finger pose estimation for touch input on mobile devices using a depth sensor
Proceedings of the 2013 ACM international conference on Interactive tabletops and surfaces
| Hi-index | 0.00 |
Most of today's smartphones and tablet computers feature touchscreens as the main way of interaction. By using these touchscreens, oily residues of the users' fingers, smudge, remain on the device's display. As this smudge can be used to deduce formerly entered data, authentication tokens are jeopardized. Most notably, grid-based authentication methods, like the Android pattern scheme are prone to such attacks. Based on a thorough development process using low fidelity and high fidelity prototyping, we designed three graphic-based authentication methods in a way to leave smudge traces, which are not easy to interpret. We present one grid-based and two randomized graphical approaches and report on two user studies that we performed to prove the feasibility of these concepts. The authentication schemes were compared to the widely used Android pattern authentication and analyzed in terms of performance, usability and security. The results indicate that our concepts are significantly more secure against smudge attacks while keeping high input speed.