This PIN Can Be Easily Guessed: Analyzing the Security of Smartphone Unlock PINs

03/10/2020
by   Philipp Markert, et al.
0

In this paper, we provide the first comprehensive study of user-chosen 4- and 6-digit PINs (n=1220) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker (with 10, 30, or 100 guesses, matching the smartphone unlock setting), using 6-digit PINs instead of 4-digit PINs provides little to no increase in security, and surprisingly may even decrease security. We also study the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection. Two such blacklists are in use today by iOS, for 4-digits (274 PINs) as well as 6-digits (2910 PINs). We extracted both blacklists compared them with four other blacklists, including a small 4-digit (27 PINs), a large 4-digit (2740 PINs), and two placebo blacklists for 4- and 6-digit PINs that always excluded the first-choice PIN. We find that relatively small blacklists in use today by iOS offer little or no benefit against a throttled guessing attack. Security gains are only observed when the blacklists are much larger, which in turn comes at the cost of increased user frustration. Our analysis suggests that a blacklist at about 10 balance between usability and security.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

03/10/2020

This PIN Can Be Easily Guessed

In this paper, we provide the first comprehensive study of user-chosen 4...
07/03/2020

Smartphone Security Behavioral Scale: A NewPsychometric Measurement for Smartphone Security

Despite widespread use of smartphones, there is no measurement standard ...
07/03/2020

Smartphone Security Behavioral Scale: A New Psychometric Measurement for Smartphone Security

Despite widespread use of smartphones, there is no measurement standard ...
09/09/2020

Brotate and Tribike: Designing Smartphone Control for Cycling

The more people commute by bicycle, the higher is the number of cyclists...
02/27/2019

Validation of smartphone based pavement roughness measures

Smartphones are equipped with sensors such as accelerometers, gyroscope,...
10/29/2019

Smartphone and the changing practices of face-to-face interaction

Smartphone use has grown rapidly, but the ways it shapes concurrent face...
03/26/2019

Hearing your touch: A new acoustic side channel on smartphones

We present the first acoustic side-channel attack that recovers what use...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.