Pass app: My app is my password!

Huiping Sun, Ke Wang, Xu Li, Nan Qin, Zhong Chen

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Scopus citations

Abstract

Existing graphical passwords require users to proactively memorize their secrets and meanwhile these schemes are vulnerable to shoulder surfing attacks. We propose a novel graphical password scheme, PassApp, which utilizes users' everyday memory about installed apps on mobile devices as shared secrets. As the registration stage is no longer needed, PassApp exempts users from additional memory burden and greatly enhances user experience. Additionally, PassApp owns a large password set and only a small part of passwords may be exposed during a login. Therefore, PassApp has a natural advance on effectively resisting guessing attacks and shoulder surfing attacks. Our user studies demonstrate that PassApp performs well with a reasonable login time (7.27s) and a high success rate (95.48%). Our security analysis shows PassApp can effectively withstand one-time shoulder surfing attacks and on average 30 times of shoulder surfing are necessary to expose all passwords.

Original languageEnglish (US)
Title of host publicationMobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services
PublisherAssociation for Computing Machinery, Inc
Pages306-315
Number of pages10
ISBN (Electronic)9781450336529
DOIs
StatePublished - Aug 24 2015
Event17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015 - Copenhagen, Denmark
Duration: Aug 24 2015Aug 27 2015

Publication series

NameMobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services

Other

Other17th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI 2015
CountryDenmark
CityCopenhagen
Period8/24/158/27/15

Keywords

  • Graphic password
  • Installed app
  • Passapp
  • Shoulder surfing

ASJC Scopus subject areas

  • Information Systems
  • Software
  • Computer Networks and Communications
  • Human-Computer Interaction

Fingerprint Dive into the research topics of 'Pass app: My app is my password!'. Together they form a unique fingerprint.

  • Cite this

    Sun, H., Wang, K., Li, X., Qin, N., & Chen, Z. (2015). Pass app: My app is my password! In MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services (pp. 306-315). (MobileHCI 2015 - Proceedings of the 17th International Conference on Human-Computer Interaction with Mobile Devices and Services). Association for Computing Machinery, Inc. https://doi.org/10.1145/2785830.2785880