Publication Details
Download |
Emanuel von Zezschwitz, Anton Koslow, Alexander De Luca, Heinrich Hussmann
Making Graphic-Based Authentication Secure against Smudge Attacks In IUI '13: Proceedings of the 2013 international conference on Intelligent user interfaces. ACM, New York, NY, USA, 277-286. DOI=10.1145/2449396.2449432, ISBN: 978-1-4503-1965-2. (bib) |
Most of today's smartphones and tablet computers feature touchscreens as the main way of interaction. By using these touchscreens, oily residues of the users' fingers, smudge, remain on the device's display. As this smudge can be used to deduce formerly entered data, authentication tokens are jeopardized. Most notably, grid-based authentication methods, like the Android pattern scheme are prone to such attacks. Based on a thorough development process using low fidelity and high fidelity prototyping, we designed three graphic-based authentication methods in a way to leave smudge traces, which are not easy to interpret. We present one grid-based and two randomized graphical approaches and report on two user studies that we performed to prove the feasibility of these concepts. The authentication schemes were compared to the widely used Android pattern authentication and analyzed in terms of performance, usability and security. The results indicate that our concepts are significantly more secure against smudge attacks while keeping high input speed. |