Exploring Intentional Behaviour Modifications for Password Typing on Mobile Touchscreen Devices

Behavioural biometric systems are based on the premise thathuman behaviour is hard to intentionally change and imitate.So far, changing input behaviour has been studied with thegoal of supporting mimicry attacks. Going beyond attacks,this paper presents the first study on understanding users’ ability to modify their typing behaviour when entering passwordson smartphones. In a prestudy (N=114), we developed visual text annotations to communicate modifications of typing behaviour (for example, gap between letters indicates how fastto move between keys). In a lab study (N=24), participantsentered given passwords with such modification instructionson a smartphone in two sessions a week apart. Our resultsshow that users successfully control and modify typing features (flight time, hold time, touch area, touch-to-key offset),yet certain combinations are challenging. We discuss implications for usability and security of mobile passwords, suchas informing behavioural biometrics for password entry, andextending the password space through explicit modifications.

Publication

Lukas Mecke, Daniel Buschek, Mathias Kiermeier, Sarah Prange and Florian Alt.Exploring Intentional Behaviour Modifications for Password Typing on Mobile Touchscreen Devices.In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). USENIX Association, Santa Clara, CA.[Download Bibtex][Video of the Presentation]