Modeling Password Entry on a Mobile Device


Password authentication is a widely deployed security feature on desktop and mobile systems. Inputting complex passwords on mobile devices can be an onerous task. The composition of the passwords creates a unique challenge for people to input as not all characters are displayed on the keyboard at the same time, forcing the user to switch between multiple screens. The results from a previous study informed an ACT-R model of password input on mobile devices. The timing data generated from the model fits the experimental results well. The strategy that the model employs compliments the results from the experiment providing further information into the strategy subjects employed. Validated models of password input on mobile devices are an important tool that can aid designers in usability testing and security professionals when creating new password policies.