{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,9]],"date-time":"2026-05-09T17:08:04Z","timestamp":1778346484895,"version":"3.51.4"},"reference-count":25,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2016,3,14]],"date-time":"2016-03-14T00:00:00Z","timestamp":1457913600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016,3,14]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 The Android pattern lock screen (or graphical password) is a popular user authentication method that relies on the advantages provided by the visual representation of a password, which enhance its memorability. Graphical passwords are vulnerable to attacks (e.g. shoulder surfing); thus, the need for more complex passwords becomes apparent. This paper aims to focus on the features that constitute a usable and secure pattern and investigate the existence of heuristic and physical rules that possibly dictate the formation of a pattern. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 The authors conducted a survey to study the users\u2019 understanding of the security and usability of the pattern lock screen. The authors developed an Android application that collects graphical passwords, by simulating user authentication in a mobile device. This avoids any potential bias that is introduced when the survey participants are not interacting with a mobile device while forming graphical passwords (e.g. in Web or hard-copy surveys). <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 The findings verify and enrich previous knowledge for graphical passwords, namely, that users mostly prefer usability than security. Using the survey results, the authors demonstrate how biased input impairs security by shrinking the available password space. <\/jats:p>\n <\/jats:sec>\n \n Research limitations\/implications<\/jats:title>\n \u2013 The sample\u2019s demographics may affect our findings. Therefore, future work can focus on the replication of our work in a sample with different demographics. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 The authors define metrics that measure the usability of a pattern (handedness, directionality and symmetry) and investigate their impact to its formation. The authors propose a security assessment scheme using features in a pattern (e.g. the existence of knight moves or overlapping nodes) to evaluate its security strengths.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/ics-01-2015-0001","type":"journal-article","created":{"date-parts":[[2016,2,25]],"date-time":"2016-02-25T10:03:20Z","timestamp":1456394600000},"page":"53-72","source":"Crossref","is-referenced-by-count":32,"title":["A study on usability and security features of the Android pattern lock screen"],"prefix":"10.1108","volume":"24","author":[{"given":"Panagiotis","family":"Andriotis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"George","family":"Oikonomou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexios","family":"Mylonas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Theo","family":"Tryfonas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020121801241412400_b1","doi-asserted-by":"crossref","unstructured":"Andriotis, P.\n , \n Tryfonas, T.\n , \n Oikonomou, G.\n and \n Yildiz, C.\n (2013), \u201cA pilot study on the security of pattern screen-lock methods and soft side channel attacks\u201d, Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, Budapest, Hungary, pp. 1-6.","DOI":"10.1145\/2462096.2462098"},{"key":"key2020121801241412400_b3","doi-asserted-by":"crossref","unstructured":"Aviv, A.J.\n and \n Fichter, D.\n (2014), \u201cUnderstanding visual perceptions of usability and security of Android\u2019s graphical password pattern\u201d, Proceedings of the 30th Annual Computer Security Applications Conference, ACSAC \u201914, ACM, New York, NY, pp. 286-295.","DOI":"10.1145\/2664243.2664253"},{"key":"key2020121801241412400_b2","unstructured":"Aviv, A.J.\n , \n Gibson, K.\n , \n Mossop, E.\n , \n Blaze, M.\n and \n Smith, J.M.\n (2010), \u201cSmudge attacks on smartphone touch screens\u201d, Proceedings of the 4th USENIX Conference on Offensive Technologies, Washington, DC, pp. 1-7."},{"key":"key2020121801241412400_b4","unstructured":"Biddle, R.\n , \n Chiasson, S.\n and \n Van Oorschot, P.C.\n (2012), \u201cGraphical passwords: learning from the first twelve years\u201d, \n ACM Computing Surveys (CSUR\n ), Vol. 44 No. 4, p. 19."},{"key":"key2020121801241412400_b5","doi-asserted-by":"crossref","unstructured":"Bonneau, J.\n (2012), \u201cThe science of guessing: analyzing an anonymized corpus of 70 million passwords\u201d, IEEE Symposium on Security and Privacy (SP), San Francisco, CA, pp. 538-552.","DOI":"10.1109\/SP.2012.49"},{"key":"key2020121801241412400_b6","unstructured":"Botelho, B.A.P.\n , \n Nakamura, E.T.\n and \n Uto, N.\n (2012), \u201cImplementation of tools for brute forcing touch inputted passwords\u201d, 2012 International Conference for Internet Technology and Secured Transactions, London, pp. 807-808."},{"key":"key2020121801241412400_b7","doi-asserted-by":"crossref","unstructured":"Brostoff, S.\n and \n Sasse, M.A.\n (2000), \u201cAre passfaces more usable than passwords? A field trial investigation\u201d, \n People and Computers XIV \u2013 Usability or Else!\n , Springer, Springer London, pp. 405-424.","DOI":"10.1007\/978-1-4471-0515-2_27"},{"key":"key2020121801241412400_b8","unstructured":"Davis, D.\n , \n Monrose, F.\n and \n Reiter, M.K.\n (2004), \u201cOn user choice in graphical password schemes\u201d, USENIX Security Symposium, San Diego, CA, pp. 151-164."},{"key":"key2020121801241412400_b9","doi-asserted-by":"crossref","unstructured":"Ding, Y.\n and \n Horster, P.\n (1995), \u201cUndetectable on-line password guessing attacks\u201d, \n ACM SIGOPS Operating Systems Review\n , Vol. 29 No. 4, pp. 77-86.","DOI":"10.1145\/219282.219298"},{"key":"key2020121801241412400_b10","doi-asserted-by":"crossref","unstructured":"Dunphy, P.\n and \n Yan, J.\n (2007), \u201cDo background images improve draw a secret graphical passwords?\u201d, Proceedings of the 14th ACM Conference on Computer and Communications Security, Alexandria, Virginia, pp. 36-47.","DOI":"10.1145\/1315245.1315252"},{"key":"key2020121801241412400_b11","doi-asserted-by":"crossref","unstructured":"Forget, A.\n , \n Chiasson, S.\n , \n van Oorschot, P.C.\n and \n Biddle, R.\n (2008), \u201cImproving text passwords through persuasion\u201d, Proceedings of the 4th Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 1-12.","DOI":"10.1145\/1408664.1408666"},{"key":"key2020121801241412400_b12","doi-asserted-by":"crossref","unstructured":"Gao, H.\n , \n Guo, X.\n , \n Chen, X.\n , \n Wang, L.\n and \n Liu, X.\n (2008), \u201cYagp: yet another graphical password strategy\u201d, Computer Security Applications Conference (ACSAC) 2008, Anaheim, CA, pp. 121-129.","DOI":"10.1109\/ACSAC.2008.19"},{"key":"key2020121801241412400_b13","unstructured":"Jermyn, I.\n , \n Mayer, A.\n , \n Monrose, F.\n , \n Reiter, M.K.\n and \n Rubin, A.D.\n (1999), \u201cThe design and analysis of graphical passwords\u201d, Proceedings of the 8th USENIX Security Symposium, Washington, DC, pp. 1-14."},{"key":"key2020121801241412400_b14","doi-asserted-by":"crossref","unstructured":"Mylonas, A.\n , \n Kastania, A.\n and \n Gritzalis, D.\n (2013), \u201cDelegate the smartphone user? Security awareness in smartphone platforms\u201d, \n Computers & Security\n , Vol. 34, pp. 47-66.","DOI":"10.1016\/j.cose.2012.11.004"},{"key":"key2020121801241412400_b15","unstructured":"Orozco, M.\n , \n Malek, B.\n , \n Eid, M.\n and \n El Saddik, A.\n (2006), \u201cHaptic-based sensible graphical password\u201d, Proceedings of Virtual Concept, Playa Del Carmen, Mexico, pp. 1-4."},{"key":"key2020121801241412400_b16","doi-asserted-by":"crossref","unstructured":"Sasse, M.A.\n , \n Brostoff, S.\n and \n Weirich, D.\n (2001), \u201cTransforming \u2018the weakest link- a human\/computer interaction approach to usable and effective security\u201d, \n BT Technology Journal\n , Vol. 19 No. 3, pp. 122-131.","DOI":"10.1023\/A:1011902718709"},{"key":"key2020121801241412400_b17","doi-asserted-by":"crossref","unstructured":"Standing, L.\n , \n Conezio, J.\n and \n Haber, R.N.\n (1970), \u201cPerception and memory for pictures: single-trial learning of 2500 visual stimuli\u201d, \n Psychonomic Science\n , Vol. 19 No. 2, pp. 73-74.","DOI":"10.3758\/BF03337426"},{"key":"key2020121801241412400_b18","doi-asserted-by":"crossref","unstructured":"Sun, C.\n , \n Wang, Y.\n and \n Zheng, J.\n (2014), \u201cDissecting pattern unlock: the effect of pattern strength meter on pattern selection\u201d, \n Journal of Information Security and Applications\n , Vol. 19 No. 4, pp. 308-320.","DOI":"10.1016\/j.jisa.2014.10.009"},{"key":"key2020121801241412400_b19","unstructured":"Tao, H.\n and \n Adams, C.\n (2008), \u201cPass-go: a proposal to improve the usability of graphical passwords\u201d, \n IJ Network Security\n , Vol. 7 No. 2, pp. 273-292."},{"key":"key2020121801241412400_b20","doi-asserted-by":"crossref","unstructured":"Tari, F.\n , \n Ozok, A.\n and \n Holden, S.H.\n (2006), \u201cA comparison of perceived and real shoulder-surfing risks between alphanumeric and graphical passwords\u201d, Proceedings of the Second Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 56-66.","DOI":"10.1145\/1143120.1143128"},{"key":"key2020121801241412400_b21","unstructured":"Thorpe, J.\n and \n van Oorschot, P.C.\n (2007), \u201cHuman-seeded attacks and exploiting hot-spots in graphical passwords\u201d, 16th USENIX Security Symposium, Boston, MA, pp. 103-118."},{"key":"key2020121801241412400_b22","doi-asserted-by":"crossref","unstructured":"Uellenbeck, S.\n , \n D\u00fcrmuth, M.\n , \n Wolf, C.\n and \n Holz, T.\n (2013), \u201cQuantifying the security of graphical passwords: the case of android unlock patterns\u201d, Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security, Berlin, Germany, pp. 161-172.","DOI":"10.1145\/2508859.2516700"},{"key":"key2020121801241412400_b23","doi-asserted-by":"crossref","unstructured":"van Oorschot, P.C.\n and \n Thorpe, J.\n (2008), \u201cOn predictive models and user-drawn graphical passwords\u201d, \n ACM Transactions on Information and System Security (TISSEC)\n , Vol. 10 No. 4, p. 5.","DOI":"10.1145\/1284680.1284685"},{"key":"key2020121801241412400_b24","doi-asserted-by":"crossref","unstructured":"van Oorschot, P.C.\n and \n Thorpe, J.\n (2011), \u201cExploiting predictability in click-based graphical passwords\u201d, \n Journal of Computer Security\n , Vol. 19 No. 4, pp. 669-702.","DOI":"10.3233\/JCS-2010-0411"},{"key":"key2020121801241412400_b25","doi-asserted-by":"crossref","unstructured":"Zakaria, N.H.\n , \n Griffiths, D.\n , \n Brostoff, S.\n and \n Yan, J.\n (2011), \u201cShoulder surfing defence for recall-based graphical passwords\u201d, Proceedings of the Seventh Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania, pp. 1-12.","DOI":"10.1145\/2078827.2078835"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-01-2015-0001","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2015-0001\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2015-0001\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:33Z","timestamp":1753406553000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/24\/1\/53-72\/108745"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,3,14]]},"references-count":25,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2016,3,14]]}},"alternative-id":["10.1108\/ICS-01-2015-0001"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2015-0001","relation":{},"ISSN":["2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2016,3,14]]}}}