Learning assigned secrets for unlocking mobile devices

Stuart Schechter, Joseph Bonneau

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Nearly all smartphones and tablets support unlocking with a short user-chosen secret: e.g., a numeric PIN or a pattern. To address users' tendency to choose guessable PINs and patterns, we compare two approaches for helping users learn assigned random secrets. In one approach, built on our prior work [16], we assign users a second numeric PIN and, during each login, we require them to enter it after their chosen PIN. In a new approach, we re-arrange the digits on the keypad so that the user's chosen PIN appears on an assigned random sequence of key positions. We performed experiments with over a thousand participants to compare these two repetition-learning approaches to simple user-chosen PINs and assigned PINs that users are required to learn immediately at account set-up time. Almost all of the participants using either repetition-learning approach learned their assigned secrets quickly and could recall them three days after the study. Those using the new mapping approach were less likely to write down their secret. Surprisingly, the learning process was less time consuming for those required to enter an extra PIN.

Original languageEnglish (US)
Title of host publicationSOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security
PublisherUSENIX Association
Pages277-295
Number of pages19
ISBN (Electronic)9781931971249
StatePublished - Jan 1 2019
Event11th Symposium on Usable Privacy and Security, SOUPS 2015 - Ottawa, Canada
Duration: Jul 22 2015Jul 24 2015

Publication series

NameSOUPS 2015 - Proceedings of the 11th Symposium on Usable Privacy and Security

Conference

Conference11th Symposium on Usable Privacy and Security, SOUPS 2015
CountryCanada
CityOttawa
Period7/22/157/24/15

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Learning assigned secrets for unlocking mobile devices'. Together they form a unique fingerprint.

Cite this