Pass app: My app is my password!

Huiping Sun, Ke Wang, Xu Li, Nan Qin, Zhong Chen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48%). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.

Original language: English (US)
Title of host publication: MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services
Publisher: Association for Computing Machinery, Inc
Pages: 306-315
Number of pages: 10
ISBN (Electronic): 9781450336529
DOIs: https://doi.org/10.1145/2785830.2785880
State: Published - Aug 24 2015
Event: 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015 - Copenhagen, Denmark
Duration: Aug 24 2015 → Aug 27 2015

Other

Other: 17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015
Country: Denmark
City: Copenhagen
Period: 8/24/15 → 8/27/15

Fingerprint

Application programs
Data storage equipment
Mobile devices

Keywords

  • Graphic password
  • Installed app
  • Passapp
  • Shoulder surfing

ASJC Scopus subject areas

  • Information Systems
  • Software
  • Computer Networks and Communications
  • Human-Computer Interaction

Cite this

Sun, H., Wang, K., Li, X., Qin, N., & Chen, Z. (2015). Pass app: My app is my password! In MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services (pp. 306-315). Association for Computing Machinery, Inc. https://doi.org/10.1145/2785830.2785880

@inproceedings{c2a31c1686f24b428863bba94296672c,
title = "Pass app: My app is my password!",
abstract = "Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48{\%}). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.",
keywords = "Graphic password, Installed app, Passapp, Shoulder surfing",
author = "Huiping Sun and Ke Wang and Xu Li and Nan Qin and Zhong Chen",
year = "2015",
month = "8",
day = "24",
doi = "10.1145/2785830.2785880",
language = "English (US)",
pages = "306--315",
booktitle = "MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services",
publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - Pass app

T2 - My app is my password!

AU - Sun, Huiping

AU - Wang, Ke

AU - Li, Xu

AU - Qin, Nan

AU - Chen, Zhong

PY - 2015/8/24

Y1 - 2015/8/24

AB - Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48%). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.

KW - Graphic password

KW - Installed app

KW - Passapp

KW - Shoulder surfing

UR - http://www.scopus.com/inward/record.url?scp=84959342483&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84959342483&partnerID=8YFLogxK

U2 - 10.1145/2785830.2785880

DO - 10.1145/2785830.2785880

M3 - Conference contribution

AN - SCOPUS:84959342483

SP - 306

EP - 315

BT - MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services

PB - Association for Computing Machinery, Inc

ER -