Pass app: My app is my password!

Huiping Sun; Ke Wang; Xu Li; Nan Qin; Zhong Chen

doi:10.1145/2785830.2785880

Pass app: My app is my password!

Huiping Sun, Ke Wang, Xu Li, Nan Qin, Zhong Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

13 Scopus citations

Abstract

Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48%). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.

Original language	English (US)
Title of host publication	MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services
Publisher	Association for Computing Machinery, Inc
Pages	306-315
Number of pages	10
ISBN (Electronic)	9781450336529
DOIs	https://doi.org/10.1145/2785830.2785880
State	Published - Aug 24 2015
Event	17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015 - Copenhagen, Denmark Duration: Aug 24 2015 → Aug 27 2015

Publication series

Name	MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services

Other

Other	17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015
Country/Territory	Denmark
City	Copenhagen
Period	8/24/15 → 8/27/15

Keywords

Graphic password
Installed app
Passapp
Shoulder surfing

ASJC Scopus subject areas

Information Systems
Software
Computer Networks and Communications
Human-Computer Interaction

Access to Document

10.1145/2785830.2785880

Cite this

Sun, H., Wang, K., Li, X., Qin, N., & Chen, Z. (2015). Pass app: My app is my password! In MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services (pp. 306-315). (MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services). Association for Computing Machinery, Inc. https://doi.org/10.1145/2785830.2785880

Pass app: My app is my password! / Sun, Huiping; Wang, Ke; Li, Xu et al.
MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services. Association for Computing Machinery, Inc, 2015. p. 306-315 (MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sun, H, Wang, K, Li, X, Qin, N & Chen, Z 2015, Pass app: My app is my password! in MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services. MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, Association for Computing Machinery, Inc, pp. 306-315, 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015, Copenhagen, Denmark, 8/24/15. https://doi.org/10.1145/2785830.2785880

Sun H, Wang K, Li X, Qin N, Chen Z. Pass app: My app is my password! In MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services. Association for Computing Machinery, Inc. 2015. p. 306-315. (MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services). doi: 10.1145/2785830.2785880

Sun, Huiping ; Wang, Ke ; Li, Xu et al. / Pass app : My app is my password!. MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services. Association for Computing Machinery, Inc, 2015. pp. 306-315 (MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services).

@inproceedings{c2a31c1686f24b428863bba94296672c,

title = "Pass app: My app is my password!",

abstract = "Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48%). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.",

keywords = "Graphic password, Installed app, Passapp, Shoulder surfing",

author = "Huiping Sun and Ke Wang and Xu Li and Nan Qin and Zhong Chen",

year = "2015",

month = aug,

day = "24",

doi = "10.1145/2785830.2785880",

language = "English (US)",

series = "MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services",

publisher = "Association for Computing Machinery, Inc",

pages = "306--315",

booktitle = "MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services",

note = "17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015 ; Conference date: 24-08-2015 Through 27-08-2015",

}

TY - GEN

T1 - Pass app

T2 - 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015

AU - Sun, Huiping

AU - Wang, Ke

AU - Li, Xu

AU - Qin, Nan

AU - Chen, Zhong

PY - 2015/8/24

Y1 - 2015/8/24

N2 - Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48%). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.

AB - Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48%). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.

KW - Graphic password

KW - Installed app

KW - Passapp

KW - Shoulder surfing

UR - http://www.scopus.com/inward/record.url?scp=84959342483&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84959342483&partnerID=8YFLogxK

U2 - 10.1145/2785830.2785880

DO - 10.1145/2785830.2785880

M3 - Conference contribution

AN - SCOPUS:84959342483

T3 - MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services

SP - 306

EP - 315

BT - MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services

PB - Association for Computing Machinery, Inc

Y2 - 24 August 2015 through 27 August 2015

ER -

Pass app: My app is my password!

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this