Annual Computer Security Applications Conference (ACSAC) 2014

Understanding Visual Perceptions of Usability and Security of Android's Graphical Password Pattern

This paper reports the results of a user study of the Android
graphical password system using an alternative survey methodology,
pairwise preferences, that requests participants to select between
pairs of patterns indicating either a security or usability
preference. By carefully selecting password pairs to isolate a
visual feature, a visual perception of usability and security of
different features can be measured. We conducted a large
IRB-approved survey using pairwise preferences which attracted 384
participants on Amazon Mechanical Turk. Analyzing the results, we
find that visual features that can be attributed to complexity
indicated a stronger perception of security, while spatial features,
such as shifts up/down or left/right, are not strong indicators for
security or usability. We extended and applied the survey data by
building logistic models to predict perception preferences by
training on features used in the survey and other features proposed
in related work. The logistic model accurately predicted preferences
above 70%, twice the rate of random guessing, and the strongest
feature in classification is password distance, the total
length of all lines in the pattern, a feature not used in the
online survey. This result provides insight into the internal
visual calculus of users when comparing choices and selecting
visual passwords, and the ultimate goal of this work is to leverage
the visual calculus to design systems where inherent perceptions of
usability coincide with a known metric of security.

Author(s):