TY - GEN
T1 - Learning assigned secrets for unlocking mobile devices
AU - Schechter, Stuart
AU - Bonneau, Joseph
N1 - Publisher Copyright:
© 2015 by The USENIX Association.
PY - 2019/1/1
Y1 - 2019/1/1
N2 - Nearly all smartphones and tablets support unlocking with a short user-chosen secret: e.g., a numeric PIN or a pattern. To address users' tendency to choose guessable PINs and patterns, we compare two approaches for helping users learn assigned random secrets. In one approach, built on our prior work [16], we assign users a second numeric PIN and, during each login, we require them to enter it after their chosen PIN. In a new approach, we re-arrange the digits on the keypad so that the user's chosen PIN appears on an assigned random sequence of key positions. We performed experiments with over a thousand participants to compare these two repetition-learning approaches to simple user-chosen PINs and assigned PINs that users are required to learn immediately at account set-up time. Almost all of the participants using either repetition-learning approach learned their assigned secrets quickly and could recall them three days after the study. Those using the new mapping approach were less likely to write down their secret. Surprisingly, the learning process was less time consuming for those required to enter an extra PIN.
UR - http://www.scopus.com/inward/record.url?scp=85075911785&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85075911785&partnerID=8YFLogxK
M3 - Conference contribution
T3 - SOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security
SP - 277
EP - 295
BT - SOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security
PB - USENIX Association
T2 - 11th Symposium on Usable Privacy and Security, SOUPS 2015
Y2 - 22 July 2015 through 24 July 2015
ER -