A Study on Usability and Security of Mid-Air Gesture-Based Locking System
01 Jan 2019 - pp 313-325
TL;DR: A mid-air gesture-based authentication method for locking systems is proposed, and a survey questionnaire is designed around several criteria for discussing its advantages over existing methods (PINs and freeform gesture-based methods).
Abstract: Balancing usability and security is an important consideration in any authentication system, including locking systems. Conventional authentication methods such as text and PIN passwords sacrifice security for usability, while freeform gesture passwords, introduced as an alternative method, sacrifice usability for security. In this work, a mid-air gesture-based authentication method for locking systems is proposed, and a survey questionnaire was designed around several criteria for discussing its advantages over existing methods (PINs and freeform gesture-based methods). We adopted the Multi-Criteria Satisfaction Analysis (MUSA) to analyze users' satisfaction according to the proposed criteria. In addition, the correlation between participants' satisfaction and three aspects (age difference, gender difference, and education level) was analyzed. The results revealed better satisfaction on the dimensions of security, use frequency and friendly experience for mid-air gesture authentication.
References
01 Dec 2003
TL;DR: This paper examines passwords, security tokens, and biometrics (which they collectively call authenticators) and compares their effectiveness against several attacks and suitability for particular security specifications such as compromise detection and nonrepudiation.
Abstract: For decades, the password has been the standard means for user authentication on computers. However, as users are required to remember more, longer, and changing passwords, it is evident that a more convenient and secure solution to user authentication is necessary. This paper examines passwords, security tokens, and biometrics (which we collectively call authenticators) and compares these authenticators and their combinations. We examine their effectiveness against several attacks and suitability for particular security specifications such as compromise detection and nonrepudiation. Examples of authenticator combinations and protocols are described to show tradeoffs and solutions that meet chosen, practical requirements. The paper endeavors to offer a comprehensive picture of user authentication solutions for the purposes of evaluating options for use and identifying deficiencies requiring further research.
732 citations
Proceedings Article • 13 Aug 2004
TL;DR: It is shown that permitting user selection of passwords in two graphical password schemes can yield passwords with entropy far below the theoretical optimum and, in some cases, that are highly correlated with the race or gender of the user.
Abstract: Graphical password schemes have been proposed as an alternative to text passwords in applications that support graphics and mouse or stylus entry. In this paper we detail what is, to our knowledge, the largest published empirical evaluation of the effects of user choice on the security of graphical password schemes. We show that permitting user selection of passwords in two graphical password schemes, one based directly on an existing commercial product, can yield passwords with entropy far below the theoretical optimum and, in some cases, that are highly correlated with the race or gender of the user. For one scheme, this effect is so dramatic as to render the scheme insecure. A conclusion of our work is that graphical password schemes of the type we study may generally require a different posture toward password selection than text passwords, where selection by the user remains the norm today.
509 citations
01 Jan 2000
TL;DR: A usability comparison between a new mechanism for user authentication — Passfaces — and passwords, with 34 student participants in a 3-month field trial indicates the importance of evaluating the usability of security mechanisms in field trials.
Abstract: The proliferation of technology requiring user authentication has increased the number of passwords which users have to remember, creating a significant usability problem. This paper reports a usability comparison between a new mechanism for user authentication — Passfaces — and passwords, with 34 student participants in a 3-month field trial. Fewer login errors were made with Passfaces, even when periods between logins were long. On the computer facilities regularly chosen by participants to log in, Passfaces took a long time to execute. Participants consequently started their work later when using Passfaces than when using passwords, and logged into the system less often. The results emphasise the importance of evaluating the usability of security mechanisms in field trials.
432 citations
01 Nov 2012
TL;DR: Introduces FAST (Fingergestures Authentication System using Touchscreen), a novel touchscreen-based authentication approach on mobile devices that provides excellent post-login access security without disturbing honest mobile users.
Abstract: Securing the sensitive data stored on and accessed from mobile devices makes user authentication a problem of paramount importance. The tension between security and usability, however, makes user authentication on mobile devices a challenging task. This paper introduces FAST (Fingergestures Authentication System using Touchscreen), a novel touchscreen-based authentication approach on mobile devices. Besides extracting touch data from touchscreen-equipped smartphones, FAST complements and validates this data using a digital sensor glove that we have built using off-the-shelf components. FAST leverages state-of-the-art classification algorithms to provide transparent and continuous mobile system protection. A notable feature is FAST's continuous, user-transparent post-login authentication. We use touch data collected from 40 users to show that FAST achieves a False Accept Rate (FAR) of 4.66% and False Reject Rate of 0.13% for the continuous post-login user authentication. The low FAR and FRR values indicate that FAST provides excellent post-login access security, without disturbing the honest mobile users.
336 citations
01 Aug 2007 - International Journal of Human-computer Studies / International Journal of Man-machine Studies
TL;DR: Imposing password restrictions alone did not necessarily lead to more secure passwords; however, the use of a technique for which the first letter of each word of a sentence was used, coupled with a requirement to insert a special character and digit, yielded more secure passwords that were more memorable.
Abstract: Personal information and organizational information need to be protected, which requires that only authorized users gain access to the information. The most commonly used method for authenticating users who attempt to access such information is through the use of username-password combinations. However, this is a weak method of authentication because users tend to generate passwords that are easy to remember but also easy to crack. Proactive password checking, for which passwords must satisfy certain criteria, is one method for improving the security of user-generated passwords. The present study evaluated the time and number of attempts needed to generate unique passwords satisfying different restrictions for multiple accounts, as well as the login time and accuracy for recalling those passwords. Imposing password restrictions alone did not necessarily lead to more secure passwords. However, the use of a technique for which the first letter of each word of a sentence was used coupled with a requirement to insert a special character and digit yielded more secure passwords that were more memorable.
203 citations