Exploring Intentional Behaviour Modifications for Password Typing on Mobile Touchscreen Devices

Authors: 

Lukas Mecke, University of Applied Sciences Munich, Munich, Germany and LMU Munich, Munich, Germany; Daniel Buschek and Mathias Kiermeier, LMU Munich, Munich, Germany; Sarah Prange, University of Applied Sciences Munich, Munich, Germany and Bundeswehr University Munich, Munich, Germany and LMU Munich, Munich, Germany; Florian Alt, Bundeswehr University Munich, Munich, Germany

Abstract: 

Behavioural biometric systems are based on the premise that human behaviour is hard to intentionally change and imitate. So far, changing input behaviour has been studied with the goal of supporting mimicry attacks. Going beyond attacks, this paper presents the first study on understanding users’ ability to modify their typing behaviour when entering passwords on smartphones. In a prestudy (N=114), we developed visual text annotations to communicate modifications of typing behaviour (for example, gap between letters indicates how fast to move between keys). In a lab study (N=24), participants entered given passwords with such modification instructions on a smartphone in two sessions a week apart. Our results show that users successfully control and modify typing features (flight time, hold time, touch area, touch-to-key offset), yet certain combinations are challenging. We discuss implications for usability and security of mobile passwords, such as informing behavioural biometrics for password entry, and extending the password space through explicit modifications.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {238301,
author = {Lukas Mecke and Daniel Buschek and Mathias Kiermeier and Sarah Prange and Florian Alt},
title = {Exploring Intentional Behaviour Modifications for Password Typing on Mobile Touchscreen Devices},
booktitle = {Fifteenth Symposium on Usable Privacy and Security ({SOUPS} 2019)},
year = {2019},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/soups2019/presentation/mecke-behaviour},
publisher = {{USENIX} Association},
month = aug,
}

Presentation Video