
【Mingli Lecture, 2022, Issue 43】 Professor Zhang Dongsong of the University of North Carolina at Charlotte

Lecture title: Shoulder-surfing resistant mobile user authentication: a comparison of touch gesture- and keystroke-based password methods

Time: 10:00-11:30, October 26, 2022 (Wednesday)

Speaker: Professor Zhang Dongsong, University of North Carolina, Charlotte

Conference No. (Tencent Conference): 981-531-401

Introduction to the lecture:

The pervasive use of mobile devices exposes users to increasing risks of shoulder-surfing attacks. Despite previous efforts on understanding shoulder-surfing resistance of mobile user authentication methods, empirical studies on textual password methods, particularly hybrid passwords that combine passwords with biometrics, remain lacking. To fill this literature gap, this study compares shoulder-surfing resistance of two hybrid password methods: touch gesture- and keystroke-based passwords. We select a touch gesture-based password method that exemplifies multiple shoulder-surfing resistance strategies and a keystroke-based password method leveraging keystroke dynamics. To gain a holistic understanding of shoulder-surfing resistance of the above methods, we investigated the effects of interaction mode, observation angle, entry error, and observation effort and proposed the related hypotheses. To measure shoulder-surfing resistance performance, we proposed efficiency as well as effectiveness metrics. We conducted a longitudinal lab experiment and another online experiment with diversified participants to test the hypotheses. The results of both experiments show that the touch gesture-based password method is superior to the keystroke-based counterpart in guarding users against shoulder-surfing attacks. The results also provide empirical evidence for the effects of interaction mode, observation angle, and observation effort on shoulder-surfing resistance. Our findings provide suggestions on how to enhance the security of password-based authentication methods.

Brief introduction of the speaker:

Professor Zhang Dongsong is currently the Belk Chair Professor of Business Analysis, Department of Business Information Systems and Operations Management, University of North Carolina, Charlotte, and the Research Director of the School of Data Science. In 2002, he received a doctoral degree in management information systems from the Eller School of Management, University of Arizona, USA. His research mainly covers knowledge management, online communities, e-commerce, automatic identification of online fraud and other fields. To date, he has published about 100 academic papers in relevant academic journals and conferences, including MIS Quarterly, Journal of Management Information Systems (JMIS), IEEE Transactions on Knowledge and Data Engineering (TKDE), IEEE Transactions on Software Engineering, IEEE Transactions on Systems, Man, Cybernetics, Decision Support Systems and Information & Management. He has received research grants from the National Science Foundation (NSF), the National Institutes of Health (NIH), Google, the National Natural Science Foundation of China, the Chinese Academy of Sciences, the Royal Society and other institutions. He is now a senior editor, deputy editor and editorial board member of several internationally renowned journals in the field of information systems and e-commerce, including MIS Quarterly, Journal of Management Information Systems (JMIS), Communications of the ACM (CACM), Journal of Association of Information Systems, etc.

(Undertaken by: Department of Management Engineering, Scientific Research and Academic Exchange Center)