Modeling Password Entry on Mobile Devices: Please Check Your Password and Try Again
Gallagher, Melissa Ann
Byrne, Michael D
Doctor of Philosophy
Despite being recognized as a fundamentally flawed system, password authentication is a widely deployed security feature on desktop and mobile systems. Inputting complex passwords on mobile devices can be an onerous task. The composition of these passwords makes them uniquely challenging to input: not all characters are displayed on the keyboard at the same time, forcing the user to switch between multiple screens. While previous studies of text input on mobile devices have focused on typing words and phrases, little work has examined the effects that screen switching has on text input. Three experiments were conducted in which subjects typed strings similar to secure passwords. Subjects were considerably slower typing password-like strings than typing standard text. Uncertainty about the location of symbols was a key factor in this slowdown. One of the largest contributors to the number of errors made was the size of the keyboard keys. This source of error suggests technologies that may aid error prevention. The results from these studies informed an ACT-R model of the task. The timing data generated by the model fit the experimental results well. The strategy that the model employs depends on the type of character it is trying to input, providing further evidence that finding and inputting symbols decreases speed. Validated models of password input on mobile devices can aid designers in usability testing new password policies. The results have implications for both the usability and security of password input on mobile devices.