@inproceedings{c2a31c1686f24b428863bba94296672c,
title = "Pass app: My app is my password!",
abstract = "Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48%). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.",
keywords = "Graphic password, Installed app, Passapp, Shoulder surfing",
author = "Huiping Sun and Ke Wang and Xu Li and Nan Qin and Zhong Chen",
year = "2015",
month = aug,
day = "24",
doi = "10.1145/2785830.2785880",
language = "English (US)",
series = "MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services",
publisher = "Association for Computing Machinery, Inc",
pages = "306--315",
booktitle = "MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services",
note = "17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015 ; Conference date: 24-08-2015 Through 27-08-2015",
}