RUcore: Rutgers University Community Repository
Usable security: human factors in mobile authentication
Descriptive
TitleInfo
Title
Usable security: human factors in mobile authentication
Name
(type = personal)
NamePart
(type = family)
Yang
NamePart
(type = given)
Yulong
NamePart
(type = date)
1988-
DisplayForm
Yulong Yang
Role
RoleTerm
(authority = RULIB)
author
Name
(type = personal)
NamePart
(type = family)
Lindqvist
NamePart
(type = given)
Janne
DisplayForm
Janne Lindqvist
Affiliation
Advisory Committee
Role
RoleTerm
(authority = RULIB)
chair
Name
(type = personal)
NamePart
(type = family)
Trappe
NamePart
(type = given)
Wade
DisplayForm
Wade Trappe
Affiliation
Advisory Committee
Role
RoleTerm
(authority = RULIB)
internal member
Name
(type = personal)
NamePart
(type = family)
Martin
NamePart
(type = given)
Richard
DisplayForm
Richard Martin
Affiliation
Advisory Committee
Role
RoleTerm
(authority = RULIB)
internal member
Name
(type = personal)
NamePart
(type = family)
Miller
NamePart
(type = given)
Robert
DisplayForm
Robert Miller
Affiliation
Advisory Committee
Role
RoleTerm
(authority = RULIB)
outside member
Name
(type = corporate)
NamePart
Rutgers University
Role
RoleTerm
(authority = RULIB)
degree grantor
Name
(type = corporate)
NamePart
Graduate School - New Brunswick
Role
RoleTerm
(authority = RULIB)
school
TypeOfResource
Text
Genre
(authority = marcgt)
theses
OriginInfo
DateCreated
(qualifier = exact)
2016
DateOther
(qualifier = exact);
(type = degree)
2016-10
CopyrightDate
(encoding = w3cdtf);
(qualifier = exact)
2016
Place
PlaceTerm
(type = code)
xx
Language
LanguageTerm
(authority = ISO639-2b);
(type = code)
eng
Abstract
(type = abstract)
Text passwords are still the primary authentication mechanism for computers and online systems world-wide. Prior work indicates that they would likely persist in the foreseeable future, despite alternative proposals. Therefore, it is crucial to examine the open issues in text passwords. In addition, instead of replacing text passwords entirely, alternatives could be proposed for use under specific context. Under such premises, this thesis focused on (1) to demonstrate the field performance of a serious alternative method for mobile authentication and (2) to propose a systematic experiment design to study password memorability. Designed to be used for desktop computers originally, text passwords are not suitable for modern platforms such as mobile devices. Using text passwords on mobile devices is a drastically different experience, because of the different form factor and context. From a between-group lab study comparing passwords usage on different devices, we learned that the form factor alone already has an effect on aspects of passwords such as the amount of lowercase letters used per password. Meanwhile, recent studies suggest that free-form gesture passwords are a viable alternative as an authentication method on touchscreen devices. However, little is known about the actual advantages they carry when deployed for everyday mobile use. We performed the first field study (N=91) of mobile authentication using free-form gestures, with text passwords being the baseline. Motivated by Experience Sampling Method (ESM), our study design aimed at increasing ecological validity while still maintaining control of the experiment. We found that, with gesture passwords, participants gen- erated new passwords and authenticated faster with comparable memorability, while being more willing to retry. Our analysis of the gesture password dataset indicated the choice of gestures varied across categories. Our findings demonstrated gesture passwords are a serious alternative for mobile context. A major struggle people have with text passwords is to create ones that are both secure and memorable. Although there has been research on measuring password security, we have yet to systematically discover the factors to affect password memorability. By combining existing memory findings and password specific contexts, we proposed a field experiment design centering on two major factors that affect password memorability: log-in frequency and password condition. Log-in frequency defines the frequency of log-in tasks, and password condition defines the condition each password was created. The result of the experiment revealed that potential effects of our factors exist and pointed out directions for future studies.
Subject
(authority = RUETD)
Topic
Electrical and Computer Engineering
Subject
(authority = ETD-LCSH)
Topic
Mobile computing--Security measures
Subject
(authority = ETD-LCSH)
Topic
Computers--Access control
Subject
(authority = ETD-LCSH)
Topic
Computer security
RelatedItem
(type = host)
TitleInfo
Title
Rutgers University Electronic Theses and Dissertations
Identifier
(type = RULIB)
ETD
RelatedItem
(type = host)
TitleInfo
Title
Graduate School - New Brunswick Electronic Theses and Dissertations
Identifier
(type = local)
rucore19991600001
Identifier
ETD_7610
Identifier
(type = doi)
doi:10.7282/T3BV7JZN
PhysicalDescription
Form
(authority = gmd)
electronic resource
InternetMediaType
application/pdf
InternetMediaType
text/xml
Extent
1 online resource (xviii, 97 p. : ill.)
Note
(type = degree)
Ph.D.
Note
(type = bibliography)
Includes bibliographical references
Note
(type = statement of responsibility)
by Yulong Yang
Location
PhysicalLocation
(authority = marcorg);
(displayLabel = Rutgers, The State University of New Jersey)
NjNbRU
Genre
(authority = ExL-Esploro)
ETD doctoral
Back to the top
Rights
RightsDeclaration
(ID = rulibRdec0006)
The author owns the copyright to this work.
RightsHolder
(type = personal)
Name
FamilyName
Yang
GivenName
Yulong
Role
Copyright Holder
RightsEvent
Type
Permission or license
DateTime
(encoding = w3cdtf);
(qualifier = exact);
(point = start)
2016-09-22 02:47:38
AssociatedEntity
Name
Yulong Yang
Role
Copyright holder
Affiliation
Rutgers University. Graduate School - New Brunswick
AssociatedObject
Type
License
Name
Author Agreement License
Detail
I hereby grant to the Rutgers University Libraries and to my school the non-exclusive right to archive, reproduce and distribute my thesis or dissertation, in whole or in part, and/or my abstract, in whole or in part, in and from an electronic format, subject to the release date subsequently stipulated in this submittal form and approved by my school. I represent and stipulate that the thesis or dissertation and its abstract are my original work, that they do not infringe or violate any rights of others, and that I make these grants as the sole owner of the rights to my thesis or dissertation and its abstract. I represent that I have obtained written permissions, when necessary, from the owner(s) of each third party copyrighted matter to be included in my thesis or dissertation and will supply copies of such upon request by my school. I acknowledge that RU ETD and my school will not distribute my thesis or dissertation or its abstract if, in their reasonable judgment, they believe all such rights have not been secured. I acknowledge that I retain ownership rights to the copyright of my work. I also retain the right to use all or part of this thesis or dissertation in future works, such as articles or books.
RightsEvent
DateTime
(encoding = w3cdtf);
(qualifier = exact);
(point = start)
2016-10-31
DateTime
(encoding = w3cdtf);
(qualifier = exact);
(point = end)
2017-10-31
Type
Embargo
Detail
Access to this PDF has been restricted at the author's request. It will be publicly available after October 31st, 2017.
Copyright
Status
Copyright protected
Availability
Status
Open
Reason
Permission or license
Back to the top
Technical
RULTechMD
(ID = TECHNICAL1)
ContentModel
ETD
OperatingSystem
(VERSION = 5.1)
windows xp
CreatingApplication
Version
1.5
ApplicationName
pdfTeX-1.40.17
DateCreated
(point = end);
(encoding = w3cdtf);
(qualifier = exact)
2016-10-05T12:53:29
DateCreated
(point = end);
(encoding = w3cdtf);
(qualifier = exact)
2016-10-05T12:53:29
Back to the top
Statistical Profile