Graphical Passwords on Smartphones

Name: Graphical Passwords on Smartphones
Sources: (Schaub et al., 2013)
Synonyms: None
Context: Graphical Passwords on Smartphones
Item 1: “cued-recall and recognition schemes strike a better balance between security and usability and are preferable over drawing-based recall schemes on smartphones. Thus, the quite popular drawing-based Android Pattern Unlock is suboptimal in terms of security.”
Item 2: “grid items or touch targets should be as small as still usable to enhance security by increasing the theoretical password space and observation resistance.”
Item 3: “randomized positioning of items is not preferable in terms of usability or security, because users need more time to locate their key image, which also gives observers time to do the same.”
Item 4: spatial and temporal arrangement must be balanced to maintain usability for stronger passwords.
Item 5: no evidence that changing cues are preferable over fixed backgrounds in terms of security or usability.
Item 6: longer passwords increase observation resistance, because they overwhelm the working memory of casual observers.
Item 7: “visible grids improve usability (entry time) for stronger passwords, as Pass-Go, [MIBA Multitouch Image Based Authentication] and TAPI [Touchscreen Authentication using Partitioned Images] were significantly faster than CCP [Cued Click Points] for 42 bit passwords.”
Examples: see (Schaub et al., 2013)
Related Guidelines:
    Designing Graphical Authentication Mechanism Interfaces
    Guidelines for successful authentication
    Password Guidance: Simplifying Your Approach
Tags: Passwords, Graphical Passwords, Smartphones
Log history: [01/18/2019] Added to repository

References

Schaub, F., Walch, M., Könings, B., Weber, M., 2013. Exploring the design space of graphical passwords on smartphones, in: Proceedings of the Ninth Symposium on Usable Privacy and Security, SOUPS ’13. ACM, New York, NY, USA, pp. 11:1–11:14. doi:10.1145/2501604.2501615