PIN Scrambler: Assessing the Impact of Randomized Layouts on the Usability and Security of PINs

Research output: Chapter in book/report/conference proceeding, Conference contribution, Research, peer review

Authors

  • Daniel Kirkwood
  • Cagdas Tombul
  • Calum Firth
  • Finn Macdonald
  • Konstantinos Priftis
  • Florian Mathis
  • Mohamed Khamis
  • Karola Marky

External Research Organisations

  • University of Glasgow

Details

Original language: English
Title of host publication: Proceedings of MUM 2022, the 21st International Conference on Mobile and Ubiquitous Multimedia
Editors: Tanja Doring, Susanne Boll, Ashley Colley, Augusto Esteves, Joao Guerreiro
Publisher: Association for Computing Machinery (ACM)
Pages: 83-88
Number of pages: 6
ISBN (electronic): 9781450398213
Publication status: Published - 29 Dec 2022
Event: 21st International Conference on Mobile and Ubiquitous Multimedia, MUM 2022 - Lisbon, Portugal
Duration: 27 Nov 2022 to 30 Nov 2022

Publication series

Name: ACM International Conference Proceeding Series

Abstract

Randomizing the layout of the keypad has been proposed to improve the security of PIN entry. However, there has been no empirical quantification of its impact on usability and security. We present the first usability (N=17) and security (N=24) evaluations to compare PIN entry with the standard vs randomized layout. Our results show that randomizing the layout increases resistance to shoulder surfing and thermal attacks significantly, and has a very minor impact on entry accuracy, but it increases entry time (from ≈ 1.4 seconds to ≈ 2 seconds). We discuss how this simple approach can improve security with little impact on usability.

Keywords

    authentication, privacy, user-centered security

Cite this

PIN Scrambler: Assessing the Impact of Randomized Layouts on the Usability and Security of PINs. / Kirkwood, Daniel; Tombul, Cagdas; Firth, Calum et al.
Proceedings of MUM 2022, the 21st International Conference on Mobile and Ubiquitous Multimedia. ed. / Tanja Doring; Susanne Boll; Ashley Colley; Augusto Esteves; Joao Guerreiro. Association for Computing Machinery (ACM), 2022. p. 83-88 (ACM International Conference Proceeding Series).

Kirkwood, D, Tombul, C, Firth, C, Macdonald, F, Priftis, K, Mathis, F, Khamis, M & Marky, K 2022, PIN Scrambler: Assessing the Impact of Randomized Layouts on the Usability and Security of PINs. in T Doring, S Boll, A Colley, A Esteves & J Guerreiro (eds), Proceedings of MUM 2022, the 21st International Conference on Mobile and Ubiquitous Multimedia. ACM International Conference Proceeding Series, Association for Computing Machinery (ACM), pp. 83-88, 21st International Conference on Mobile and Ubiquitous Multimedia, MUM 2022, Lisbon, Portugal, 27 Nov 2022. https://doi.org/10.1145/3568444.3568450
Kirkwood, D., Tombul, C., Firth, C., Macdonald, F., Priftis, K., Mathis, F., Khamis, M., & Marky, K. (2022). PIN Scrambler: Assessing the Impact of Randomized Layouts on the Usability and Security of PINs. In T. Doring, S. Boll, A. Colley, A. Esteves, & J. Guerreiro (Eds.), Proceedings of MUM 2022, the 21st International Conference on Mobile and Ubiquitous Multimedia (pp. 83-88). (ACM International Conference Proceeding Series). Association for Computing Machinery (ACM). https://doi.org/10.1145/3568444.3568450
Kirkwood D, Tombul C, Firth C, Macdonald F, Priftis K, Mathis F et al. PIN Scrambler: Assessing the Impact of Randomized Layouts on the Usability and Security of PINs. In Doring T, Boll S, Colley A, Esteves A, Guerreiro J, editors, Proceedings of MUM 2022, the 21st International Conference on Mobile and Ubiquitous Multimedia. Association for Computing Machinery (ACM). 2022. p. 83-88. (ACM International Conference Proceeding Series). doi: 10.1145/3568444.3568450
Kirkwood, Daniel ; Tombul, Cagdas ; Firth, Calum et al. / PIN Scrambler : Assessing the Impact of Randomized Layouts on the Usability and Security of PINs. Proceedings of MUM 2022, the 21st International Conference on Mobile and Ubiquitous Multimedia. editor / Tanja Doring ; Susanne Boll ; Ashley Colley ; Augusto Esteves ; Joao Guerreiro. Association for Computing Machinery (ACM), 2022. pp. 83-88 (ACM International Conference Proceeding Series).
@inproceedings{4ccfcd3d88e143ca8e22d49d60b32dfd,
title = "PIN Scrambler: Assessing the Impact of Randomized Layouts on the Usability and Security of PINs",
abstract = "Randomizing the layout of the keypad has been proposed to improve the security of PIN entry. However, there has been no empirical quantification of its impact on usability and security. We present the first usability (N=17) and security (N=24) evaluations to compare PIN entry with the standard vs randomized layout. Our results show that randomizing the layout increases resistance to shoulder surfing and thermal attacks significantly, and has a very minor impact on entry accuracy, but it increases entry time (from ≈ 1.4 seconds to ≈ 2 seconds). We discuss how this simple approach can improve security with little impact on usability.",
keywords = "authentication, privacy, user-centered security",
author = "Daniel Kirkwood and Cagdas Tombul and Calum Firth and Finn Macdonald and Konstantinos Priftis and Florian Mathis and Mohamed Khamis and Karola Marky",
note = "Funding Information: This work was supported by a jointly funded PhD studentship from the University of Edinburgh and the University of Glasgow, the EPSRC (EP/V008870/1), and the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which is also funded by the EPSRC (EP/S035362/1).; 21st International Conference on Mobile and Ubiquitous Multimedia, MUM 2022 ; Conference date: 27-11-2022 Through 30-11-2022",
year = "2022",
month = dec,
day = "29",
doi = "10.1145/3568444.3568450",
language = "English",
series = "ACM International Conference Proceeding Series",
publisher = "Association for Computing Machinery (ACM)",
pages = "83--88",
editor = "Tanja Doring and Susanne Boll and Ashley Colley and Augusto Esteves and Joao Guerreiro",
booktitle = "Proceedings of MUM 2022, the 21st International Conference on Mobile and Ubiquitous Multimedia",
address = "United States",

}

TY - GEN

T1 - PIN Scrambler

T2 - 21st International Conference on Mobile and Ubiquitous Multimedia, MUM 2022

AU - Kirkwood, Daniel

AU - Tombul, Cagdas

AU - Firth, Calum

AU - Macdonald, Finn

AU - Priftis, Konstantinos

AU - Mathis, Florian

AU - Khamis, Mohamed

AU - Marky, Karola

N1 - Funding Information: This work was supported by a jointly funded PhD studentship from the University of Edinburgh and the University of Glasgow, the EPSRC (EP/V008870/1), and the PETRAS National Centre of Excellence for IoT Systems Cybersecurity, which is also funded by the EPSRC (EP/S035362/1).

PY - 2022/12/29

Y1 - 2022/12/29

N2 - Randomizing the layout of the keypad has been proposed to improve the security of PIN entry. However, there has been no empirical quantification of its impact on usability and security. We present the first usability (N=17) and security (N=24) evaluations to compare PIN entry with the standard vs randomized layout. Our results show that randomizing the layout increases resistance to shoulder surfing and thermal attacks significantly, and has a very minor impact on entry accuracy, but it increases entry time (from ≈ 1.4 seconds to ≈ 2 seconds). We discuss how this simple approach can improve security with little impact on usability.

AB - Randomizing the layout of the keypad has been proposed to improve the security of PIN entry. However, there has been no empirical quantification of its impact on usability and security. We present the first usability (N=17) and security (N=24) evaluations to compare PIN entry with the standard vs randomized layout. Our results show that randomizing the layout increases resistance to shoulder surfing and thermal attacks significantly, and has a very minor impact on entry accuracy, but it increases entry time (from ≈ 1.4 seconds to ≈ 2 seconds). We discuss how this simple approach can improve security with little impact on usability.

KW - authentication

KW - privacy

KW - user-centered security

UR - http://www.scopus.com/inward/record.url?scp=85145874965&partnerID=8YFLogxK

U2 - 10.1145/3568444.3568450

DO - 10.1145/3568444.3568450

M3 - Conference contribution

AN - SCOPUS:85145874965

T3 - ACM International Conference Proceeding Series

SP - 83

EP - 88

BT - Proceedings of MUM 2022, the 21st International Conference on Mobile and Ubiquitous Multimedia

A2 - Doring, Tanja

A2 - Boll, Susanne

A2 - Colley, Ashley

A2 - Esteves, Augusto

A2 - Guerreiro, Joao

PB - Association for Computing Machinery (ACM)

Y2 - 27 November 2022 through 30 November 2022

ER -