sponsors
usenix conference policies
Examining Visual-Spatial Paths for Mobile Authentication
David Lu, Taehoon Lee, Sauvik Das, and Jason Hong, Carnegie Mellon University
Inspired by people’s strong memory for visual-spatial paths (e.g., commuting paths), we present in this paper an introductory exploration of the use of these paths for memorable, strong mobile authentication. In a preliminary study, we evaluated several low-fidelity representations for encoding relatively strong (~20 bit) secrets as visual-spatial paths: a 2D birds-eye view, a 3D third-person view, and 3D immersed view. We found that the 3D immersed view worked best for memorability, and used this initial study to inspire the design for a novel mobile authentication application: the Memory Palace. We ran a within-subjects experiment to evaluate our Memory Palace authentication concept against Android’s 9-dot Patternlock along two dimensions: memorability and resilience to shoulder surfing. Results from our experiment suggest people have significantly higher memorability for visual-spatial secrets encoded in the Memory Palace which were also significantly more resilient against shoulder surfing. We conclude with directions for further work: specifically, creating sharable paths for more socially compatible authentication and segmenting secret paths for simple, non-binary access control.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {David Lu and Taehoon Lee and Sauvik Das and Jason Hong},
title = {Examining {Visual-Spatial} Paths for Mobile Authentication},
booktitle = {Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)},
year = {2016},
address = {Denver, CO},
url = {https://www.usenix.org/conference/soups2016/workshop-program/way2016/presentation/lu},
publisher = {USENIX Association},
month = jun
}
connect with us