Bu-Dash: A Universal and Dynamic Graphical Password Scheme

Abstract

Biometric authentication gradually replaces knowledge-based methods on mobile devices. However, Personal Identification Numbers, passcodes, and graphical password schemes such as the Android Pattern Unlock (APU) are often the primary means for authentication, or they constitute an auxiliary (or backup) method to be used in case biometrics fail. Passcodes need to be memorable to be usable, hence users tend to choose easy to guess passwords, compromising security. The APU is a great example of a popular and usable graphical password scheme which can be easily compromised, by exploiting common and predominant human behavioristic traits. Despite its vulnerabilities, the scheme’s popularity has led researchers to propose adjustments and variations that enhance security but maintain its familiar user interface. Nevertheless, prior work demonstrated that improving security while preserving usability remains frequently a hard task. In this paper we propose a novel graphical password scheme built on the foundations of the well-accepted APU method, which is usable, inclusive, universal, and robust against shoulder surfing and smudge attacks. Our scheme, named Bu-Dash, features a dynamic user interface that mutates every time a user swipes the screen. Our pilot studies illustrate that Bu-Dash attracts positive user acceptance rates and maintains acceptable usability levels.