Author(s): Maximilian Golla, Dennis Deterring, Markus Dürmuth

Download: Paper (PDF)

Date: 26 Feb 2017

Document Type: Reports

Additional Documents: Slides

Associated Event: NDSS Symposium 2017


Mobile devices, such as smartphones and tablets, frequently store confidential data, yet implementing a secure device unlock functionality is non-trivial due to restricted input methods. Graphical knowledge-based schemes have been widely used on smartphones and are generally well adapted to the touchscreen interface on small screens. Recently, graphical password schemes based on emoji have been proposed. They offer potential benefits due to the familiarity of users with emoji and the ease of expressing memorable stories. However, it is well-known from other graphical schemes that user-selected authentication secrets can substantially limit the resulting entropy of the authentication secret. In this work, we study the entropy of user-selected secrets for one exemplary instantiation of emoji-based authentication.We analyzed an implementation using 20 emoji displayed in random order on a grid, where a user selects passcodes of length 4 without further restrictions. We conducted an online user study with 795 participants, using the collected passcodes to determine the resistance to guessing based on several guessing strategies, thus estimating the selection bias. We evaluated Markov model-based guessing strategies based on the selected sequence of emoji, on its position in the grid, and combined models taking into account both features. While we find selection bias based on both the emoji as well as the position, the measured bias is lower than for similar schemes. Depending on the model, we can recover up to 7% at 100 guessing attempts, and up to 11% of the passcodes at 1 000 guessing attempts. (For comparison, previous work on the graphical Android Unlock pattern scheme (CCS 2013) recovered around 18% at 100 and 50% at 1 000 guessing attempts, despite a theoretical keyspace of more than double the size for the Android scheme.) These results demonstrate some potential for a usable and relatively secure scheme and show that the size of the theoretical keyspace is a bad predictor for the realistic guessability of passcodes.