Password Entry Usability and Shoulder Surfing Susceptibility on Different Smartphone Platforms Florian Schaub, Ruben Deyhle, Michael Weber Institute of Media Informatics Ulm University 89069 Ulm, Germany { florian.schaub | michael.weber }@uni-ulm.de,
[email protected] ABSTRACT ing password composition rules and recommendations are Virtual keyboards of different smartphone platforms seem often optimized for desktop keyboards. They emphasize quite similar at first glance, but the transformation from password length and a mixture of different character types a physical to a virtual keyboard on a small-scale display (lowercase, uppercase, numbers, and special characters) to results in user experience variations that cause significant increase password entropy [13]. The shift from physical to differences in usability as well as shoulder surfing suscepti- virtual keyboards has been shown to influence typing abil- bility, i.e., the risk of a bystander observing what is being ity, due to the lack of tactile feedback and the size of soft typed. In our work, we investigate the impact of both as- keys [21, 16]. Furthermore, the typing effort of certain char- pects on the security of text-based password entry on mobile acters varies between physical and virtual keyboards. On devices. In a between subjects study with 80 participants, smartphone keyboards, typing numbers or special charac- we analyzed usability and shoulder surfing susceptibility of ters requires navigation to a second or third keyboard page. password entry on different mobile platforms (iOS, Android, Therefore, we formulate the hypothesis that the design and Windows Phone, Symbian, MeeGo). Our results show sig- layout of virtual smartphone keyboards affects password en- nificant differences in the usability of password entry (re- try performance.