Knock, Knock. Who's There? On the Security of LG's Knock Codes

06/05/2020
by   Raina Samuel, et al.
0

Knock Codes are a knowledge-based unlock authentication scheme used on LG smartphones where a user enters a code by tapping or "knocking" a sequence on a 2x2 grid. While a lesser used authentication method, as compared to PINs or Android patterns, there is likely a large number of Knock Code users; we estimate, 700,000–2,500,000 in the US alone. In this paper, we studied Knock Codes security asking participants to select codes on mobile devices in three settings: a control treatment, a blocklist treatment, and a treatment with a larger, 2x3 grid. We find that Knock Codes are significantly weaker than other deployed authentication, e.g., PINs or Android patterns. In a simulated attacker setting, 2x3 grids offered no additional security, but blocklisting was more beneficial, making Knock Codes' security similar to Android patterns. Participants expressed positive perceptions of Knock Codes, but usability was challenged. SUS values were "marginal" or "ok" across treatments. Based on these findings, we recommend deploying blacklists for selecting a Knock Code because it improves security but has limited impact on usability perceptions.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 3

page 16

page 19

page 23

08/24/2020

Double Patterns: A Usable Solution to Increase the Security of Android Unlock Patterns

Android unlock patterns remain quite common. Our study, as well as other...
11/26/2018

A Survey of Collection Methods and Cross-Data Set Comparison of Android Unlock Patterns

Android's graphical password unlock remains one of the most widely used ...
03/10/2020

This PIN Can Be Easily Guessed

In this paper, we provide the first comprehensive study of user-chosen 4...
08/18/2020

Evaluation of Risk-based Re-Authentication Methods

Risk-based Authentication (RBA) is an adaptive security measure that imp...
12/09/2019

Force vs Nudge : Comparing Users Pattern Choices on SysPal and TinPal

Android's 3X3 graphical pattern lock scheme is one of the widely used au...
12/09/2019

Extended- Force vs Nudge : Comparing Users' Pattern Choices on SysPal and TinPal

Android's 3X3 graphical pattern lock scheme is one of the widely used au...
03/10/2020

This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

In this paper, we provide the first comprehensive study of user-chosen 4...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.