Research article. DOI: 10.1145/2785830.2785839

Locked Your Phone? Buy a New One? From Tales of Fallback Authentication on Smartphones to Actual Concepts

Published: 24 August 2015

Abstract

We describe three scenarios in which fallback authentication on smartphones can occur and evaluate their real-life occurrences in an online survey (n=244) and complementing interviews (n=12). The results provide first insights into frequencies, reasons, countermeasures taken and problems of lockout experiences. Overall, study participants were satisfied with current fallback schemes, but at the same time, fallback authentication was aggravated when special circumstances applied, which leaves room for improvement. Based on this, we propose an alternative concept for fallback authentication that quizzes users about installed and not installed apps on their device. Authentication succeeds when users identify a certain number of apps correctly. Our evaluation showed that the concept yields an overall accuracy of 95%.

    Published In

    MobileHCI '15: Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services
    August 2015
    611 pages
    ISBN:9781450336529
    DOI:10.1145/2785830
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Apps
    2. Fallback Authentication
    3. Smartphones
    4. Survey

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    MobileHCI '15
    Acceptance Rates

    Overall Acceptance Rate 202 of 906 submissions, 22%

    Article Metrics

    • Downloads (Last 12 months): 24
    • Downloads (Last 6 weeks): 0

    Reflects downloads up to 01 Jan 2025

    Cited By

    • (2024) User Verification System using Location-based Dynamic Questions for Account Recovery. 2024 IEEE Security and Privacy Workshops (SPW), 9-16. DOI: 10.1109/SPW63631.2024.00006. Online publication date: 23-May-2024
    • (2024) Enhancing smartphone security with human centric bimodal fallback authentication leveraging sensors. Scientific Reports 14:1. DOI: 10.1038/s41598-024-74473-7. Online publication date: 21-Oct-2024
    • (2023) Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems. Security and Communication Networks 2023. DOI: 10.1155/2023/5573310. Online publication date: 1-Jan-2023
    • (2023) "We've Disabled MFA for You": An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 3138-3152. DOI: 10.1145/3576915.3623180. Online publication date: 15-Nov-2023
    • (2023) Enhancing Account Recovery with Location-based Dynamic Questions. 2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security Companion (QRS-C), 532-539. DOI: 10.1109/QRS-C60940.2023.00061. Online publication date: 22-Oct-2023
    • (2023) A framework for analyzing authentication risks in account networks. Computers and Security 135:C. DOI: 10.1016/j.cose.2023.103515. Online publication date: 1-Dec-2023
    • (2022) Evaluating fallback authentication research. Computers and Security 111:C. DOI: 10.1016/j.cose.2021.102487. Online publication date: 9-Apr-2022
    • (2021) Understanding users’ perceptions to improve fallback authentication. Personal and Ubiquitous Computing. DOI: 10.1007/s00779-021-01571-y. Online publication date: 23-May-2021
    • (2019) Geographical Security Questions for Fallback Authentication. 2019 17th International Conference on Privacy, Security and Trust (PST), 1-6. DOI: 10.1109/PST47121.2019.8949063. Online publication date: Aug-2019
    • (2019) Geographic Hints for Passphrase Authentication. 2019 17th International Conference on Privacy, Security and Trust (PST), 1-9. DOI: 10.1109/PST47121.2019.8949033. Online publication date: Aug-2019
