{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,17]],"date-time":"2026-01-17T04:54:20Z","timestamp":1768625660100,"version":"3.49.0"},"reference-count":61,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2021,9,30]],"date-time":"2021-09-30T00:00:00Z","timestamp":1632960000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Research Training Group Human Centered Systems Security"},{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"crossref","award":["EXC 2092 CASA 390781972"],"award-info":[{"award-number":["EXC 2092 CASA 390781972"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1845300"],"award-info":[{"award-number":["1845300"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2021,11,30]]},"abstract":"<jats:p>\n            In this article, we provide the first comprehensive study of user-chosen four- and six-digit PINs (\n            <jats:italic>n<\/jats:italic>\n            =1705) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker (with 10, 30, or 100 guesses, matching the smartphone unlock setting), using six-digit PINs instead of four-digit PINs provides little to no increase in security and surprisingly may even decrease security. We also study the effects of blocklists, where a set of \u201ceasy to guess\u201d PINs is disallowed during selection. Two such blocklists are in use today by iOS, for four digits (274 PINs) as well as six digits (2,910 PINs). We extracted both blocklists and compared them with six other blocklists, three for each PIN length. In each case, we had a small (four-digit: 27 PINs; six-digit: 29 PINs), a large (four-digit: 2,740 PINs; six-digit: 291,000 PINs), and a placebo blocklist that always excluded the first-choice PIN. For four-digit PINs, we find that the relatively small blocklist in use today by iOS offers little to no benefit against a throttled guessing attack. Security gains are only observed when the blocklist is much larger. In the six-digit case, we were able to reach a similar security level with a smaller blocklist. As the user frustration increases with the blocklists size, developers should employ a blocklist that is as small as possible while ensuring the desired security. Based on our analysis, we recommend that for four-digit PINs a blocklist should contain the 1,000 most popular PINs to provide the best balance between usability and security and for six-digit PINs the 2,000 most popular PINs should be blocked.\n          <\/jats:p>","DOI":"10.1145\/3473040","type":"journal-article","created":{"date-parts":[[2021,9,30]],"date-time":"2021-09-30T17:09:46Z","timestamp":1633021786000},"page":"1-36","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["On the Security of Smartphone Unlock PINs"],"prefix":"10.1145","volume":"24","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9232-4496","authenticated-orcid":false,"given":"Philipp","family":"Markert","sequence":"first","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel V.","family":"Bailey","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Maximilian","family":"Golla","sequence":"additional","affiliation":[{"name":"Max Planck Institute for Security and Privacy, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Markus","family":"D\u00fcrmuth","sequence":"additional","affiliation":[{"name":"Ruhr University Bochum, Bochum, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Adam J.","family":"Aviv","sequence":"additional","affiliation":[{"name":"The George Washington University, Washington, District of Columbia, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,9,30]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Retrieved","author":"Afonin Oleg","year":"2020","unstructured":"Oleg Afonin . 2020 . iPhone 5 and 5c Passcode Unlock with iOS Forensic Toolkit . Retrieved May 14, 2021 from https:\/\/blog.elcomsoft.com\/2020\/08\/iphone-5-and-5c-passcode-unlock-with-ios-forensic-toolkit\/ Oleg Afonin. 2020. iPhone 5 and 5c Passcode Unlock with iOS Forensic Toolkit. Retrieved May 14, 2021 from https:\/\/blog.elcomsoft.com\/2020\/08\/iphone-5-and-5c-passcode-unlock-with-ios-forensic-toolkit\/"},{"key":"e_1_2_1_2_1","volume-title":"Proceedings of the USENIX Security Symposium. USENIX, 257\u2013272","author":"Akhawe Devdatta","year":"2013","unstructured":"Devdatta Akhawe and Adrienne Porter Felt . 2013 . Alice in warningland: A large-scale field study of browser security warning effectiveness . In Proceedings of the USENIX Security Symposium. USENIX, 257\u2013272 . Devdatta Akhawe and Adrienne Porter Felt. 2013. Alice in warningland: A large-scale field study of browser security warning effectiveness. In Proceedings of the USENIX Security Symposium. USENIX, 257\u2013272."},{"key":"e_1_2_1_3_1","volume-title":"Retrieved","author":"Amitay Daniel","year":"2011","unstructured":"Daniel Amitay . 2011 . Most Common iPhone Passcodes . Retrieved May 14, 2021 from http:\/\/danielamitay.com\/blog\/2011\/6\/13\/most-common-iphone-passcodes. Daniel Amitay. 2011. Most Common iPhone Passcodes. Retrieved May 14, 2021 from http:\/\/danielamitay.com\/blog\/2011\/6\/13\/most-common-iphone-passcodes."},{"key":"e_1_2_1_4_1","volume-title":"Retrieved","author":"Source Project Android Open","year":"2018","unstructured":"Android Open Source Project . 2018 . Full-Disk Encryption\u2014Storing the Encrypted Key . Retrieved May 14, 2021 from https:\/\/source.android.com\/security\/encryption\/full-disk#storing_the_encrypted_key. Android Open Source Project. 2018. Full-Disk Encryption\u2014Storing the Encrypted Key. Retrieved May 14, 2021 from https:\/\/source.android.com\/security\/encryption\/full-disk#storing_the_encrypted_key."},{"key":"e_1_2_1_5_1","volume-title":"Retrieved","author":"Source Project Android Open","year":"2020","unstructured":"Android Open Source Project . 2020 . Android 11: GateKeeper . Retrieved May 14, 2021 from https:\/\/android.googlesource.com\/platform\/system\/gatekeeper\/+\/refs\/heads\/android11-release\/gatekeeper.cpp#268. Android Open Source Project. 2020. Android 11: GateKeeper. Retrieved May 14, 2021 from https:\/\/android.googlesource.com\/platform\/system\/gatekeeper\/+\/refs\/heads\/android11-release\/gatekeeper.cpp#268."},{"key":"e_1_2_1_6_1","volume-title":"Retrieved","author":"Inc.","year":"2021","unstructured":"Apple, Inc. 2021. Apple Platform Security . Retrieved May 14, 2021 from https:\/\/manuals.info.apple.com\/MANUALS\/1000\/MA1902\/en_US\/apple-platform-security-guide.pdf. Apple, Inc.2021. Apple Platform Security. Retrieved May 14, 2021 from https:\/\/manuals.info.apple.com\/MANUALS\/1000\/MA1902\/en_US\/apple-platform-security-guide.pdf."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818000.2818014"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134609"},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of the USENIX Workshop on Offensive Technologies. USENIX, 1\u20137.","author":"Aviv Adam J.","unstructured":"Adam J. Aviv , Katherine Gibson , Evan Mossop , Matt Blaze , and Jonathan M. Smith . 2010. Smudge attacks on smartphone touch screens . In Proceedings of the USENIX Workshop on Offensive Technologies. USENIX, 1\u20137. Adam J. Aviv, Katherine Gibson, Evan Mossop, Matt Blaze, and Jonathan M. Smith. 2010. Smudge attacks on smartphone touch screens. In Proceedings of the USENIX Workshop on Offensive Technologies. USENIX, 1\u20137."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274702"},{"key":"e_1_2_1_11_1","volume-title":"Lip Yee Por, and A. A. Zaidan.","author":"Binbeshr Farid","year":"2021","unstructured":"Farid Binbeshr , Miss Laiha Mat Kiah , Lip Yee Por, and A. A. Zaidan. 2021 . A systematic review of pin-entry methods resistant to shoulder-surfing attacks. Comput. Secur . 101 (Feb. 2021). Farid Binbeshr, Miss Laiha Mat Kiah, Lip Yee Por, and A. A. Zaidan. 2021. A systematic review of pin-entry methods resistant to shoulder-surfing attacks. Comput. Secur. 101 (Feb. 2021)."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.49"},{"key":"e_1_2_1_13_1","volume-title":"Financial Cryptography and Data Security","author":"Bonneau Joseph","unstructured":"Joseph Bonneau , S\u00f6ren Preibusch , and Ross Anderson . 2012. A birthday present every eleven wallets? the security of customer-chosen banking PINs . In Financial Cryptography and Data Security . Springer , 25\u201340. Joseph Bonneau, S\u00f6ren Preibusch, and Ross Anderson. 2012. A birthday present every eleven wallets? the security of customer-chosen banking PINs. In Financial Cryptography and Data Security. Springer, 25\u201340."},{"key":"e_1_2_1_14_1","volume-title":"Retrieved","author":"Brewster Thomas","year":"2018","unstructured":"Thomas Brewster . 2018 . Mysterious $15,000 \u201cGrayKey\u201d Promises To Unlock iPhone X For The Feds . Retrieved May 14, 2021 from https:\/\/www.forbes.com\/sites\/thomasbrewster\/2018\/03\/05\/apple-iphone-x-graykey-hack\/. Thomas Brewster. 2018. Mysterious $15,000 \u201cGrayKey\u201d Promises To Unlock iPhone X For The Feds. Retrieved May 14, 2021 from https:\/\/www.forbes.com\/sites\/thomasbrewster\/2018\/03\/05\/apple-iphone-x-graykey-hack\/."},{"key":"e_1_2_1_15_1","volume-title":"Retrieved","author":"Brewster Thomas","year":"2018","unstructured":"Thomas Brewster . 2018 . The Feds Can Now (Probably) Unlock Every iPhone Model In Existence . Retrieved May 14, 2021 from https:\/\/www.forbes.com\/sites\/thomasbrewster\/2018\/02\/26\/government-can-access-any-apple-iphone-cellebrite\/. Thomas Brewster. 2018. The Feds Can Now (Probably) Unlock Every iPhone Model In Existence. Retrieved May 14, 2021 from https:\/\/www.forbes.com\/sites\/thomasbrewster\/2018\/02\/26\/government-can-access-any-apple-iphone-cellebrite\/."},{"key":"e_1_2_1_16_1","unstructured":"Maria Casimiro Joe Segel Lewei Li Yigeng Wang and Lorrie Faith Cranor. 2020. A quest for inspiration: How users create and reuse PINs. In Who Are You?! Adventures in Authentication Workshop. 1\u20137.  Maria Casimiro Joe Segel Lewei Li Yigeng Wang and Lorrie Faith Cranor. 2020. A quest for inspiration: How users create and reuse PINs. In Who Are You?! Adventures in Authentication Workshop. 1\u20137."},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security. USENIX, 257\u2013276","author":"Cherapau Ivan","year":"2015","unstructured":"Ivan Cherapau , Ildar Muslukhov , Nalin Asanka , and Konstantin Beznosov . 2015 . On the impact of touch ID on iPhone passcodes . In Proceedings of the Symposium on Usable Privacy and Security. USENIX, 257\u2013276 . Ivan Cherapau, Ildar Muslukhov, Nalin Asanka, and Konstantin Beznosov. 2015. On the impact of touch ID on iPhone passcodes. In Proceedings of the Symposium on Usable Privacy and Security. USENIX, 257\u2013276."},{"key":"e_1_2_1_18_1","volume-title":"Retrieved","author":"Engler Justin","year":"2013","unstructured":"Justin Engler and Paul Vines . 2013 . Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO) . Retrieved May 14, 2021 from https:\/\/doi.org\/10.5446\/38941. 10.5446\/38941 Justin Engler and Paul Vines. 2013. Electromechanical PIN Cracking with Robotic Reconfigurable Button Basher (and C3BO). Retrieved May 14, 2021 from https:\/\/doi.org\/10.5446\/38941."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702442"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2017.23024"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243769"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.14722\/usec.2019.23025"},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security. ACM, 1549\u20131566","author":"Golla Maximilian","year":"2018","unstructured":"Maximilian Golla , Miranda Wei , Juliette Hainline , Lydia Filipe , Markus D\u00fcrmuth , Elissa Redmiles , and Blase Ur . 2018 . \u201c What was that site doing with my facebook password?\u201d Designing password-reuse notification . In Proceedings of the ACM Conference on Computer and Communications Security. ACM, 1549\u20131566 . Maximilian Golla, Miranda Wei, Juliette Hainline, Lydia Filipe, Markus D\u00fcrmuth, Elissa Redmiles, and Blase Ur. 2018. \u201cWhat was that site doing with my facebook password?\u201d Designing password-reuse notification. In Proceedings of the ACM Conference on Computer and Communications Security. ACM, 1549\u20131566."},{"key":"e_1_2_1_24_1","volume-title":"How LinkedIn\u2019s Password Sloppiness Hurts Us All. Retrieved","author":"Jeremi M.","year":"2021","unstructured":"Jeremi M. Gosney ( \u201c epixoip\u201d). 2016 . How LinkedIn\u2019s Password Sloppiness Hurts Us All. Retrieved May 14, 2021 from https:\/\/arstechnica.com\/?post_type=post&p=892339. Jeremi M. Gosney (\u201cepixoip\u201d). 2016. How LinkedIn\u2019s Password Sloppiness Hurts Us All. Retrieved May 14, 2021 from https:\/\/arstechnica.com\/?post_type=post&p=892339."},{"key":"e_1_2_1_25_1","volume-title":"Burr","author":"Grassi Paul A.","year":"2017","unstructured":"Paul A. Grassi , James L. Fenton , and William E . Burr . 2017 . Digital Identity Guidelines\u2014Authentication and Lifecycle Management: NIST Special Publication 800-63B. Paul A. Grassi, James L. Fenton, and William E. Burr. 2017. Digital Identity Guidelines\u2014Authentication and Lifecycle Management: NIST Special Publication 800-63B."},{"key":"e_1_2_1_26_1","volume-title":"Lee","author":"Greene Kristen K.","year":"2014","unstructured":"Kristen K. Greene , Melissa A. Gallagher , Brian C. Stanton , and Paul Y . Lee . 2014 . I can\u2019t type that! P@$$w0rd entry on mobile devices. In Human Aspects of Information Security, Privacy, and Trust. Springer , 160\u2013171. Kristen K. Greene, Melissa A. Gallagher, Brian C. Stanton, and Paul Y. Lee. 2014. I can\u2019t type that! P@$$w0rd entry on mobile devices. In Human Aspects of Information Security, Privacy, and Trust. Springer, 160\u2013171."},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security. USENIX, 213\u2013230","author":"Harbach Marian","year":"2014","unstructured":"Marian Harbach , Emanuel von Zezschwitz , Andreas Fichtner , Alexander De Luca , and Matthew Smith . 2014 . It\u2019s a hard lock life: A field study of smartphone (Un)Locking behavior and risk perception . In Proceedings of the Symposium on Usable Privacy and Security. USENIX, 213\u2013230 . Marian Harbach, Emanuel von Zezschwitz, Andreas Fichtner, Alexander De Luca, and Matthew Smith. 2014. It\u2019s a hard lock life: A field study of smartphone (Un)Locking behavior and risk perception. In Proceedings of the Symposium on Usable Privacy and Security. USENIX, 213\u2013230."},{"key":"e_1_2_1_29_1","volume-title":"Retrieved","author":"Andrew Horton","year":"2021","unstructured":"Andrew Horton ( \u201c urbanadventurer\u201d) and Community. 2020. Android-PIN-Bruteforce \u2013 Bruteforcing the Lockscreen PIN . Retrieved May 14, 2021 from https:\/\/github.com\/urbanadventurer\/Android-PIN-Bruteforce. Andrew Horton (\u201curbanadventurer\u201d) and Community. 2020. Android-PIN-Bruteforce \u2013 Bruteforcing the Lockscreen PIN. Retrieved May 14, 2021 from https:\/\/github.com\/urbanadventurer\/Android-PIN-Bruteforce."},{"key":"e_1_2_1_30_1","volume-title":"Retrieved","author":"Hunt Troy","year":"2020","unstructured":"Troy Hunt . 2020 . Pwned Passwords . Retrieved May 14, 2021 https:\/\/haveibeenpwned.com\/Passwords. Troy Hunt. 2020. Pwned Passwords. Retrieved May 14, 2021 https:\/\/haveibeenpwned.com\/Passwords."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.38"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427240"},{"key":"e_1_2_1_33_1","first-page":"4","article-title":"PIN selection policies: Are they really effective?Comput","volume":"31","author":"Kim Hyoungshick","year":"2012","unstructured":"Hyoungshick Kim and Jun Ho Huh . 2012 . PIN selection policies: Are they really effective?Comput . Secur. 31 , 4 (Jun. 2012), 484\u2013496. Hyoungshick Kim and Jun Ho Huh. 2012. PIN selection policies: Are they really effective?Comput. Secur. 31, 4 (Jun. 2012), 484\u2013496.","journal-title":"Secur."},{"key":"e_1_2_1_34_1","first-page":"3","article-title":"Let\u2019s take it offline: Boosting brute-force attacks on iPhone\u2019s user authentication through SCA","volume":"2021","author":"Lisovets Oleksiy","year":"2021","unstructured":"Oleksiy Lisovets , David Knichel , Thorben Moos , and Amir Moradi . 2021 . Let\u2019s take it offline: Boosting brute-force attacks on iPhone\u2019s user authentication through SCA . IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021 , 3 (Jun. 2021), 1\u201324. Oleksiy Lisovets, David Knichel, Thorben Moos, and Amir Moradi. 2021. Let\u2019s take it offline: Boosting brute-force attacks on iPhone\u2019s user authentication through SCA. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2021, 3 (Jun. 2021), 1\u201324.","journal-title":"IACR Trans. Cryptogr. Hardw. Embed. Syst."},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.14722\/eurousec.2016.23001"},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 286\u2013303","author":"Markert Philipp","unstructured":"Philipp Markert , Daniel V. Bailey , Maximilian Golla , Markus D\u00fcrmuth , and Adam J. Aviv . 2020. This PIN can be easily guessed: Analyzing the security of smartphone unlock PINs . In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 286\u2013303 . Philipp Markert, Daniel V. Bailey, Maximilian Golla, Markus D\u00fcrmuth, and Adam J. Aviv. 2020. This PIN can be easily guessed: Analyzing the security of smartphone unlock PINs. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE, 286\u2013303."},{"key":"e_1_2_1_37_1","volume-title":"Proceedings of the ACM Conference on Human Factors in Computing Systems. ACM, 527\u2013539","author":"Melicher William","unstructured":"William Melicher , Darya Kurilova , Sean M. Segreti , Pranshu Kalvani , Richard Shay , Blase Ur , Lujo Bauer , Nicolas Christin , Lorrie Faith Cranor , and Michelle L. Mazurek . 2016. Usability and security of text passwords on mobile devices . In Proceedings of the ACM Conference on Human Factors in Computing Systems. ACM, 527\u2013539 . William Melicher, Darya Kurilova, Sean M. Segreti, Pranshu Kalvani, Richard Shay, Blase Ur, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Michelle L. Mazurek. 2016. Usability and security of text passwords on mobile devices. In Proceedings of the ACM Conference on Human Factors in Computing Systems. ACM, 527\u2013539."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-8640.2012.00460.x"},{"key":"e_1_2_1_39_1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security. USENIX, 1\u201319","author":"Munyendo Collins W.","unstructured":"Collins W. Munyendo , Miles Grant , Philipp Markert , Timothy J. Forman , and Adam J. Aviv . 2021. Using a blocklist to improve the security of user selection of android patterns . In Proceedings of the Symposium on Usable Privacy and Security. USENIX, 1\u201319 . Collins W. Munyendo, Miles Grant, Philipp Markert, Timothy J. Forman, and Adam J. Aviv. 2021. Using a blocklist to improve the security of user selection of android patterns. In Proceedings of the Symposium on Usable Privacy and Security. USENIX, 1\u201319."},{"key":"e_1_2_1_40_1","volume-title":"Retrieved","author":"Nakashima Ellen","year":"2021","unstructured":"Ellen Nakashima and Reed Albergotti . 2021 . Australian Firm Azimuth Unlocked the San Bernardino Shooter\u2019s iPhone for the FBI . Retrieved May 14, 2021 from https:\/\/www.washingtonpost.com\/technology\/2021\/04\/14\/azimuth-san-bernardino-apple-iphone-fbi\/. Ellen Nakashima and Reed Albergotti. 2021. Australian Firm Azimuth Unlocked the San Bernardino Shooter\u2019s iPhone for the FBI. Retrieved May 14, 2021 from https:\/\/www.washingtonpost.com\/technology\/2021\/04\/14\/azimuth-san-bernardino-apple-iphone-fbi\/."},{"key":"e_1_2_1_41_1","volume-title":"Retrieved","author":"Newman Lily Hay","year":"2019","unstructured":"Lily Hay Newman . 2019 . Google\u2019s Making it Easier to Encrypt Even Cheap Android Phones . Retrieved May 14, 2021 from https:\/\/www.wired.com\/story\/android-encryption-cheap-smartphones\/. Lily Hay Newman. 2019. Google\u2019s Making it Easier to Encrypt Even Cheap Android Phones. Retrieved May 14, 2021 from https:\/\/www.wired.com\/story\/android-encryption-cheap-smartphones\/."},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300393"},{"key":"e_1_2_1_44_1","volume-title":"GrayKey iPhone Unlocker Poses Serious Security Concerns. Retrieved","author":"Reed Thomas","year":"2021","unstructured":"Thomas Reed . 2018. GrayKey iPhone Unlocker Poses Serious Security Concerns. Retrieved May 2021 from https:\/\/blog.malwarebytes.com\/?p=22342. Thomas Reed. 2018. GrayKey iPhone Unlocker Poses Serious Security Concerns. Retrieved May 2021 from https:\/\/blog.malwarebytes.com\/?p=22342."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/WorldCIS.2015.7359406"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2406367.2406384"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/2702123.2702586"},{"key":"e_1_2_1_48_1","volume-title":"Proceedings of the Hardware Security Conference & Training (HardwearIO\u201917)","author":"Skorobogatov Sergei","year":"2017","unstructured":"Sergei Skorobogatov . 2017 . The bumpy road towards iphone 5c NAND mirroring . In Proceedings of the Hardware Security Conference & Training (HardwearIO\u201917) . 1\u201355. Sergei Skorobogatov. 2017. The bumpy road towards iphone 5c NAND mirroring. In Proceedings of the Hardware Security Conference & Training (HardwearIO\u201917). 1\u201355."},{"key":"e_1_2_1_49_1","volume-title":"The URLephant. In Proceedings of the USENIX Enigma Conference. USENIX.","author":"Stark Emily","year":"2019","unstructured":"Emily Stark . 2019 . The URLephant. In Proceedings of the USENIX Enigma Conference. USENIX. Emily Stark. 2019. The URLephant. In Proceedings of the USENIX Enigma Conference. USENIX."},{"key":"e_1_2_1_50_1","volume-title":"Proceedings of the USENIX Security Symposium. USENIX, 399\u2013416","author":"Sunshine Joshua","year":"2009","unstructured":"Joshua Sunshine , Serge Egelman , Hazim Almuhimedi , Neha Atri , and Lorrie Faith Cranor . 2009 . Crying wolf: An empirical study of SSL warning effectiveness . In Proceedings of the USENIX Security Symposium. USENIX, 399\u2013416 . Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Neha Atri, and Lorrie Faith Cranor. 2009. Crying wolf: An empirical study of SSL warning effectiveness. In Proceedings of the USENIX Security Symposium. USENIX, 399\u2013416."},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417882"},{"key":"e_1_2_1_52_1","volume-title":"Proceedings of the ACM Conference on Computer and Communications Security. ACM, 161\u2013172","author":"Uellenbeck Sebastian","year":"2016","unstructured":"Sebastian Uellenbeck , Markus D\u00fcrmuth , Christopher Wolf , and Thorsten Holz . 2016 . Quantifying the security of graphical passwords: The case of android unlock patterns . In Proceedings of the ACM Conference on Computer and Communications Security. ACM, 161\u2013172 . Sebastian Uellenbeck, Markus D\u00fcrmuth, Christopher Wolf, and Thorsten Holz. 2016. Quantifying the security of graphical passwords: The case of android unlock patterns. In Proceedings of the ACM Conference on Computer and Communications Security. ACM, 161\u2013172."},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3025453.3026050"},{"key":"e_1_2_1_54_1","volume-title":"Proceedings of the Symposium on Usable Privacy and Security. USENIX, 123\u2013140","author":"Ur Blase","year":"2015","unstructured":"Blase Ur , Fumiko Noma , Jonathan Bees , Sean M. Segreti , Richard Shay , Lujo Bauer , Nicolas Christin , and Lorrie Faith Cranor . 2015 . \u201c I added \u2018!\u2019 at the end to make it secure\u201d: Observing password creation in the lab . In Proceedings of the Symposium on Usable Privacy and Security. USENIX, 123\u2013140 . Blase Ur, Fumiko Noma, Jonathan Bees, Sean M. Segreti, Richard Shay, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. 2015. \u201cI added \u2018!\u2019 at the end to make it secure\u201d: Observing password creation in the lab. In Proceedings of the Symposium on Usable Privacy and Security. USENIX, 123\u2013140."},{"key":"e_1_2_1_55_1","volume-title":"Proceedings of the USENIX Security Symposium. USENIX, 463\u2013481","author":"Ur Blase","year":"2015","unstructured":"Blase Ur , Sean M. Segreti , Lujo Bauer , Nicolas Christin , Lorrie Faith Cranor , Saranga Komanduri , Darya Kurilova , Michelle L. Mazurek , William Melicher , and Richard Shay . 2015 . Measuring real-world accuracies and biases in modeling password guessability . In Proceedings of the USENIX Security Symposium. USENIX, 463\u2013481 . Blase Ur, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Saranga Komanduri, Darya Kurilova, Michelle L. Mazurek, William Melicher, and Richard Shay. 2015. Measuring real-world accuracies and biases in modeling password guessability. In Proceedings of the USENIX Security Symposium. USENIX, 463\u2013481."},{"key":"e_1_2_1_56_1","volume-title":"Retrieved","author":"U.S. Department of Homeland Security.","year":"2012","unstructured":"U.S. Department of Homeland Security. 2012 . The Menlo Report . Retrieved May 14, 2021 from https:\/\/www.caida.org\/publications\/papers\/2012\/menlo_report_actual_formatted\/. U.S. Department of Homeland Security. 2012. The Menlo Report. Retrieved May 14, 2021 from https:\/\/www.caida.org\/publications\/papers\/2012\/menlo_report_actual_formatted\/."},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2639189.2639218"},{"key":"e_1_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1145\/3012709.3012729"},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053031"},{"key":"e_1_2_1_60_1","volume-title":"Retrieved","author":"Gareth Watts","year":"2021","unstructured":"Gareth Watts ( \u201c gwatts\u201d) and Community. 2015. Pinfinder\u2014iOS Screen Time & Restrictions Passcode Finder . Retrieved May 14, 2021 from https:\/\/github.com\/gwatts\/pinfinder. Gareth Watts (\u201cgwatts\u201d) and Community. 2015. Pinfinder\u2014iOS Screen Time & Restrictions Passcode Finder. Retrieved May 14, 2021 from https:\/\/github.com\/gwatts\/pinfinder."},{"key":"e_1_2_1_61_1","volume-title":"Retrieved","author":"Welch Chris","year":"2018","unstructured":"Chris Welch . 2018 . Apple Releases iOS 11.4.1 and Blocks Passcode Cracking Tools Used by Police . Retrieved May 14, 2021 from https:\/\/www.theverge.com\/2018\/7\/9\/17549538\/. Chris Welch. 2018. Apple Releases iOS 11.4.1 and Blocks Passcode Cracking Tools Used by Police. Retrieved May 14, 2021 from https:\/\/www.theverge.com\/2018\/7\/9\/17549538\/."},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1002\/j.2161-1939.2011.tb00103.x"},{"key":"e_1_2_1_63_1","unstructured":"Yulong Yang Janne Lindqvist and Antti Oulasvirta. 2014. Text entry method affects password security. In Learning from Authoritative Security Experiment Results. USENIX 11\u201320.  Yulong Yang Janne Lindqvist and Antti Oulasvirta. 2014. Text entry method affects password security. In Learning from Authoritative Security Experiment Results. USENIX 11\u201320."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3473040","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3473040","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3473040","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:11:58Z","timestamp":1750191118000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3473040"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,9,30]]},"references-count":61,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2021,11,30]]}},"alternative-id":["10.1145\/3473040"],"URL":"https:\/\/doi.org\/10.1145\/3473040","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,9,30]]},"assertion":[{"value":"2021-01-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-06-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-09-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}