Abstract

Abstract: We have proposed gesture passwords as a ubiquitous authentication technology, especially targeting mobile device unlocking. Gesture passwords present a fascinating design space for authentication. They are distinct from graphical passwords, which resemble text-based passwords in the sense that they allow for the password to be exactly reproduced. In contrast, a gesture password cannot be exactly matched: it must be recognized despite not being input by the user the same way every time. In this talk, we will present the results of several lab and field studies (MobiSys’14, CHI ’16, CHI ’17, UbiComp’17) on studying usability and security of gesture passwords. We will also present the first approach for measuring the security of gestures with guessing attacks that model real-world attacker behavior. Our dictionary attack, tested on newly collected user data, achieves a cracking rate of 47.71% after two weeks of computation using 10^9 guesses. This is a difference of 35.78 percentage points compared to the 11.93% cracking rate of a benchmark brute-force attack. More details of these works are available at http://securegestures.org/.

Bio: Janne Lindqvist is an assistant professor of electrical and computer engineering at Rutgers University. His work is frequently featured in the popular media with close to thousand mentions so far including several times in Scientific American, IEEE Spectrum, MIT Technology Review, NPR , WHYY Radio, Yahoo! News, International Business Times, Daily Mail, and recently also in ABC News Radio, CBS Radio News, Fortune, Computerworld, Der Spiegel, London Times, Slashdot, The Register, Wired (UK). Janne directs the Rutgers Human-Computer Interaction and Security Engineering Lab. Janne’s work focuses on hard real-world problems, and currently his group and his colleagues work includes usable and secure authentication, mobile privacy, physical-world crowdsourcing, measuring implicit racism in situ, social protocols for wireless networking, and ecological field studies on non-suicidal self-injurious behavior. His awards include the Best Paper Award from MobiCom’12, the Best Paper Nominee Award from UbiComp’14, and Sustainable Jersey Creation & Innovation Award 2014.