Publication Details
Download |
Lukas Mecke, Daniel Buschek, Mathias Kiermeier, Sarah Prange, Florian Alt
Exploring Intentional Behaviour Modifications for Password Typing on Mobile Touchscreen Devices In SOUPS 2019: Fifteenth Symposium on Usable Privacy and Security, Santa Clara, CA, USA, August 11 - 13, 2019. USENIX Association. (bib) |
Behavioural biometric systems are based on the premise that human behaviour is hard to intentionally change and imitate. So far, changing input behaviour has been studied with the goal of supporting mimicry attacks. Going beyond attacks, this paper presents the first study on understanding usersâ ability to modify their typing behaviour when entering passwords on smartphones. In a prestudy (N=114), we developed visual text annotations to communicate modifications of typing behaviour (for example, gap between letters indicates how fast to move between keys). In a lab study (N=24), participants entered given passwords with such modification instructions on a smartphone in two sessions a week apart. Our results show that users successfully control and modify typing features (flight time, hold time, touch area, touch-to-key offset), yet certain combinations are challenging. We discuss implications for usability and security of mobile passwords, such as informing behavioural biometrics for password entry, and extending the password space through explicit modifications. |