Towards understanding how Touch ID impacts users' authentication secrets selection for iPhone lock Cherapau, Ivan 2015

Towards understanding how Touch ID impacts users’ authentication secrets selection for iPhone lock

by Ivan Cherapau
B.Sc in Physics, University of Massachusetts Boston, 2010

A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF Master of Applied Science in THE FACULTY OF GRADUATE AND POSTDOCTORAL STUDIES (Electrical and Computer Engineering)

The University of British Columbia (Vancouver)
June 2015
© Ivan Cherapau, 2015

Abstract

Smartphones today store large amounts of data that can be confidential, private or sensitive. To protect such data, all mobile OSs have a phone lock mechanism that requires user authentication before applications or data on the phone can be accessed, while also keeping data-at-rest encrypted with an encryption key that depends on the authentication secret. Recently Apple introduced the Touch ID feature, which allows fingerprint-based authentication to unlock an iPhone. The intuition behind this technology was that its usability would motivate users to choose stronger passwords for locking their devices without sacrificing usability substantially. To date, however, it is not clear whether users take advantage of Touch ID and whether they indeed employ stronger authentication secrets. The main objective and contribution of this work is to fill this knowledge gap.

To answer this question we conducted three user studies: (a) an in-person survey with 90 subjects, (b) an interview study with 21 participants, and (c) an online survey with 374 subjects. Overall, we found that users do not take advantage of Touch ID and use weak authentication secrets, mainly PIN-codes, similarly to users who do not have a Touch ID sensor on their devices. To our surprise, we found that more than 30% of subjects in each group did not know that they could use alphanumeric passwords instead of four-digit PIN-codes. Others stated that they adopted PIN-codes due to their better usability in comparison to passwords.
Most of the subjects agreed that Touch ID indeed offers usability benefits such as convenience, speed and ease of use. Finally, we found that there is a disconnect between the security users expect their passcodes to offer and reality. In particular, only 12% of participants correctly estimated the security PIN-codes provide, while the rest had unjustified expectations.

Preface

Chapters 5, 6 and 7 of this thesis have been published. The author of this thesis performed the user studies described in chapters 5, 6 and 7 and analyzed the data from those studies. He authored the corresponding paper under the supervision of Dr. Konstantin Beznosov, who provided feedback and guidance throughout the research process. Details of the published paper are below:

• I. Cherapau, I. Muslukhov, N. Asanka, and K. Beznosov. Impact of Touch ID on Users’ Authentication Secrets Selection for iPhone Lock. In Proceedings of the Eleventh Symposium on Usable Privacy and Security, SOUPS 15, 2015.

Three user studies were conducted as part of the research. For the first study (chapter 5), we submitted a human ethics application with BREB number H14-02759 to the UBC Behavioural Research Ethics Board. For the second study (chapter 6) and the third study (chapter 7), we submitted amendments (under the same BREB number) to the first study’s application. The ethics application and its amendments were approved by the UBC Behavioural Research Ethics Board.

Table of Contents

Abstract
Preface
Table of Contents
List of Tables
List of Figures
Acknowledgements
1 Introduction
2 Background
2.1 Data Protection in iOS and Bruteforce Attack
2.2 Touch ID
2.3 Measuring Password Strength
3 Literature Review
4 Research Question and Hypotheses
5 Study 1 – In-person Survey
5.1 Methodology
5.1.1 Study Design
5.1.2 Participant Recruitment
5.2 Results
5.2.1 Participant Demographics
5.2.2 Reasons To Lock Or Not To
5.2.3 Use of PINs and Passwords
5.2.4 Touch ID Group
5.2.5 Non-Touch ID Group
5.2.6 Hypothesis Testing
5.3 Limitations
6 Study 2 – Interviews
6.1 Methodology
6.1.1 Participant Recruitment
6.1.2 Procedure
6.2 Results
6.2.1 Participant Demographics
6.2.2 Reasons for Using PIN-codes
6.2.3 Security Lock Sharing Behaviour
6.3 Limitations
7 Study 3 – Online Survey on MTurk
7.1 Methodology
7.2 Results
7.2.1 Participant Demographics
7.2.2 Testing H1
7.2.3 Testing H2
7.2.4 Reasons for Using PIN-code
7.2.5 Reasons for Using Touch ID
7.2.6 Who Users Lock Their iPhones Against
7.2.7 Authentication Secret Sharing Behaviour
7.3 Limitations
8 Discussion
9 Conclusion
Bibliography
A In-person Survey Guide and Questions
A.1 Agenda
A.2 Questions for Both Conditions
A.3 Questions for Touch ID Group
A.4 Questions for Non-Touch ID
A.5 Final Instructions for Both Groups
A.6 In-person Survey Supplemental Graph
B Interview Guide and Questions
B.1 Agenda
B.2 Questions
C Online Survey Questions
C.1 Questions for Both Groups
C.2 Questions for Non-Touch ID group
C.3 Questions for Touch ID Group
C.4 Online Survey Supplemental Graph

List of Tables

Table 5.1 Demographics of In-person Survey Participants
Table 5.2 Average Entropies of Unlocking Authentication Secrets for Touch ID and non-Touch ID Groups
Table 6.1 Demographics of Interviewed Participants
Table 7.1 Demographics of MTurk Participants and Distribution across Two Groups and Locking Authentication Method Used

List of Figures

Figure 2.1 Overview of how Touch ID works. When Touch ID is enabled and the user locks the device, the encryption key is wrapped by a random wrapping key. The user has the option to type in his passcode (1b) or use Touch ID. When the user uses his fingerprint to unlock the phone in step (1), Touch ID authenticates the user by matching his fingerprint against the saved fingerprints. If the authentication is successful, the sensor releases the wrapping key to the Secure Enclave in the CPU (2), so the CPU can send the Data Protection keys to the crypto engine (3). If the user fails to authenticate five times, or does not unlock the device for 48 hours, the Touch ID sensor flushes the wrapping key, which leaves typing in the passcode as the only option for unlocking the iPhone.
Figure 5.1 In-person survey’s password structure question.
Figure 6.1 Number of unique codes for each additional subject. We reached saturation around the 17th subject.
Figure 7.1 Examples of verification photos that subjects sent us. From left to right: (1) a photo of an iPhone taken with the front-facing camera in a mirror, (2) a screenshot of the PIN-code based iPhone unlock interface, and (3) a screenshot of the password-based iPhone unlock interface.
Figure 7.2 Reasons for using PIN-codes instead of passwords for each group.
Figure 7.3 Reasons for using Touch ID (n = 173).
Figure 7.4 Distribution of attackers who users lock their iPhones against, for the Touch ID group (n = 173) and the non-Touch ID group (n = 201).
Figure 7.5 Distribution of authentication secret for iPhone lock sharing among different groups of people (n = 374).
Figure A.1 Study 1 (in-person surveys) Touch ID participants’ answers to the questions ”How hard was it to set up Touch ID?”, ”Is it easy to use Touch ID?” and ”Overall, how satisfied are you with using Touch ID?” (n = 41).
Figure C.1 Distribution of attackers (insiders and strangers) who users lock their iPhones against, for the Touch ID group (n = 173) and the non-Touch ID group (n = 201).

Acknowledgements

First, I would like to thank my academic advisor, Konstantin Beznosov, for his kind support, guidance and assistance during my graduate studies.

Second, this work would not have been possible without my smart colleagues and great friends. Thank you Ildar Muslukhov for a lot of help throughout the course of the project, Yazan Boshmaf for great feedback and outdoor activities, and Primal Wijesekera for intellectually stimulating conversations.

Third, I would like to thank all members of LERSSE for their feedback.

My heartfelt gratitude goes to my dear parents and my brother for their enormous support and constant encouragement.

To my parents for their endless love, support and encouragement.

Chapter 1 Introduction

Smartphones have become our primary devices for accessing data, applications and, by extension, the Internet. With more than a billion smartphones sold in 2014 and more than 2 billion active subscribers, the global smartphone user base is expected to grow to 5.6 billion by 2019 [14]. Smartphones are already used for online banking and accessing corporate data, operations that used to be solely in the domain of desktops and laptops. This transition results in sensitive and confidential data being stored and accessed on smartphones. The high mobility and small size of smartphones alter the common threat model used for desktop and laptop devices.
In particular, it is much easier to steal a smartphone due to its size and then access its data-at-rest [29].

The state-of-the-art approach to protecting data-at-rest, adopted by all mobile OSes, is to encrypt the data, e.g., see [33]. To avoid storing the encryption key together with the encrypted data, a user authentication secret is used to derive a key that protects the actual data encryption key. The common practice is to use the smartphone lock authentication secret for this purpose. Unfortunately, users employ weak authentication secrets, i.e., personal identification numbers (PINs), mainly due to usability considerations [32]. PIN-codes are not only susceptible to shoulder-surfing attacks, they can also be easily brute-forced [35]. At the same time, 4-digit PIN-codes are considered unusable by more than 20% of smartphone users [32]. In particular, usability issues pushed these users to disable the smartphone lock completely, which leaves hundreds of millions of smartphone users unprotected [31].

In recent years, several companies, such as Apple and Samsung, have introduced biometric authentication for the smartphone lock. For example, in 2013 Apple introduced a fingerprint scanner, so-called Touch ID, into the iPhone 5S “home” button; it authenticates a user once she touches the Home button. As stated in the iOS security white paper [4], the key advantage of Touch ID is that it “makes using a longer, more complex password far more practical because users won’t have to enter it as frequently” and “the stronger the user password is, the stronger the encryption key becomes. Touch ID can be used to enhance this equation by enabling the user to establish a much stronger password than would otherwise be practical.”

These claims are based on the assumption that the usability of a password largely depends on the frequency of its use and that users will choose passwords with higher entropy as a result of reduced frequency.
Recent research, however, casts doubt on this assumption. In particular, several studies have shown that users tend to create low-entropy passwords regardless of how frequently they have to type them in [8, 18, 36]. Thus, it is still unclear whether and how the Touch ID sensor impacts users’ password selection, and the main focus of the work presented in this thesis is to fill this knowledge gap.

To understand the impact of the Touch ID sensor on users’ password selection, we focus on testing our main hypothesis (HMain): “There is a difference in password entropy between those who use Touch ID and those who do not”. To measure password entropy we used zero-order entropy (see footnote 1), as it (a) served the purpose of our study in terms of comparing the two groups and (b) allowed us to do the comparison without having access to the actual passwords. Furthermore, the results of our study revealed that even under zero-order entropy, which overestimates the real complexity of passwords, the strength of currently used passwords cannot withstand brute-force attacks. Throughout this thesis we refer to zero-order entropy as entropy for brevity.

To test HMain we conducted three user studies. We received approval for conducting the user studies from our university’s office of research ethics. To get a first take at HMain, we conducted an in-person survey with 90 subjects. We opted for an in-person survey in order to be able to verify the reported data accurately. The results of the study did not reveal a statistically significant difference between the average entropies of the two groups. Meanwhile, the 95% confidence interval suggested that if there is a difference, then the absolute value of that difference should not be larger than 3.35 bits. To understand why users are not adopting stronger passwords when Touch ID is available, we conducted a follow-up qualitative study based on interviews.
The results of the interviews with 21 subjects allowed us to identify the key reasons for users to stick with weak 4-digit PIN-codes. Unawareness of passcode availability is one such reason. Finally, to corroborate the findings of the first two studies, we conducted an online survey with 374 subjects. The final study confirmed the results of the in-person survey and quantitatively measured the prevalence of the identified reasons. In particular, more than 30% of the participants were unaware that stronger passcodes are available, around 35% of the participants preferred PINs because they are easier to remember, and more than half of the participants used PINs because they are easier to use (e.g., faster to type). In addition, we narrowed down the 95% confidence interval for a hypothetical difference in password entropies between the two groups (1.91 bits of difference at most).

Footnote 1: Zero-order entropy implies that each password character is selected independently of all previous characters.

Chapter 2 Background

In this chapter we give the necessary background. We begin with a discussion of the brute-force attack on the passcode of an iOS device and of how the Touch ID sensor works. We conclude by explaining how we measured password entropy.

2.1 Data Protection in iOS and Bruteforce Attack

To protect data confidentiality, iOS encrypts each file with a unique per-file key. The per-file key is then encrypted with one of four class keys. Each of the four class keys is available in a different context, e.g., after the first unlock or only while the device is unlocked. These class keys are protected with the user’s passcode and a Device ID, i.e., a hardware-embedded unique key. To extract the hardware-embedded key, an adversary can attempt to reverse engineer the crypto chip, which is an expensive task in terms of time and resources. If key extraction fails, the adversary can still mount an on-device brute-force attack, which uses the crypto chip directly, in order to decrypt the class keys.
To decrease the effectiveness of such attacks, the crypto chip in iOS devices is calibrated to take at least 80 ms for each passcode attempt.

To mount an on-device attack an adversary needs to be able to run arbitrary code on the stolen device. This can be achieved by compromising the boot chain, which consists of the following steps: (1) the BootRom (non-updateable read-only firmware), which loads the iBoot stage and verifies its integrity before passing control to it; (2) iBoot (updateable firmware), which checks the integrity of the kernel, loads it and passes control to it; and (3) the kernel, responsible for all services in iOS and for loading user apps [1]. To bypass the kernel’s limit on the number of available attempts, one needs to compromise the BootRom or iBoot [43]. The recent history of jailbreaking suggests that making iBoot and BootRom bug-free is quite challenging (see footnote 1). Note that once the attacker can run arbitrary code on the device, it does not matter whether the phone is locked or not: the attacker can use the crypto chip directly to try all possible passcodes without the 10-attempt restriction enforced by the kernel (i.e., iOS).

Of course, it takes time, effort and luck to find an exploitable bug in the BootRom or iBoot for a new version of iOS. The history of security, however, has taught us that it is impossible to eliminate all bugs in complex systems. Moreover, there are claims that such bugs are known to the jailbreaking community for the most recent iOS version (i.e., 8.3) (see footnote 2).

2.2 Touch ID

Touch ID is a biometric authentication sensor based on a high-definition fingerprint scanner embedded into the home button of iPhones. This sensor allows users to unlock their devices by simply touching the home button. Although Touch ID allows unlocking a device without typing a password, users are still required to set a PIN-code or a password before they can use the Touch ID sensor.
The root cause for this strict requirement lies in data-at-rest encryption, which needs a source of entropy that is not stored on the device itself. Users’ unlocking authentication secrets serve as that source.

A password can be a simple four-digit PIN-code (see footnote 3) or a longer one, with up to 37 characters drawn from 77 possible symbols. When a locked device boots, it requires the user to provide the password or PIN-code, since the Touch ID internal memory is flushed on reset or shutdown, i.e., immediately after a reboot users are not able to use the Touch ID sensor. Once the user provides the unlocking secret, the OS is able to recover the actual data encryption keys and uses them to decrypt and encrypt data. If the device is rebooted or locked, the OS erases certain types of keys from RAM, i.e., the passcode will be needed to recover them on unlock.

When the user locks the device and the Touch ID sensor is enabled, the iPhone’s CPU generates a random wrapping key and “wraps” the encryption key derived from the unlocking secret. It then sends the wrapping key to the Touch ID sensor and deletes the key derived from the unlocking secret from RAM. After that, the user has two options to unlock the device: either type in the unlocking secret or use Touch ID to release the wrapping key back to the CPU. When the user touches the Touch ID sensor, the sensor tries to authenticate the user based on the fingerprint. If the authentication attempt is successful, the sensor releases the wrapping key to the CPU. If, however, the user fails to authenticate five times, or does not unlock the device for 48 hours, the Touch ID sensor flushes the wrapping key, which leaves typing in the unlocking secret as the only option for unlocking the iPhone. A diagram of how Touch ID unlocks an iOS device is shown in Figure 2.1.

Figure 2.1: Overview of how Touch ID works. When Touch ID is enabled and the user locks the device, the encryption key is wrapped by a random wrapping key. The user has the option to type in his passcode (1b) or use Touch ID. When the user uses his fingerprint to unlock the phone in step (1), Touch ID authenticates the user by matching his fingerprint against the saved fingerprints. If the authentication is successful, the sensor releases the wrapping key to the Secure Enclave in the CPU (2), so the CPU can send the Data Protection keys to the crypto engine (3). If the user fails to authenticate five times, or does not unlock the device for 48 hours, the Touch ID sensor flushes the wrapping key, which leaves typing in the passcode as the only option for unlocking the iPhone.

Footnote 1: http://blog.thireus.com/tag/iboot
Footnote 2: https://www.theiphonewiki.com/wiki/IBoot_(Bootloader)#Exploits
Footnote 3: Apple’s security white paper defines it as a simple passcode. We refer to such passwords as PIN-codes.

We decided to focus on the Touch ID sensor mainly because it is implemented in an existing and popular operating system that is widely adopted. We did not study Android fingerprint and face scanners because the former is a very new technology that first appeared in April 2014 [20] and the latter has several usability [7] and security issues [15].

2.3 Measuring Password Strength

The strength of an authentication secret is defined by the effort an attacker needs to spend guessing it. In simple terms, this effort can be defined as the size of the search space the attacker needs to check in order to find the correct password. One such metric is zero-order entropy, measured in bits and calculated as

$L \cdot \log_2 N$

where L is the length of the password and N is the character set size (e.g., the length of an iPhone PIN-code is four and the character set size is 10, hence its zero-order entropy is 13.28 bits).
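Returning to the lock/unlock flow of Section 2.2 and Figure 2.1: the following is an added executable model of that flow, written for this page and not code from the thesis or from Apple. Its cryptography is deliberately simple and entirely assumed (PBKDF2 over the passcode with a fixed stand-in for the hardware key, an XOR wrap with a fresh random 32-byte wrapping key, a fingerprint modelled as a byte string compared against one enrolled template, and the 48-hour window counted from the moment the sensor received the key). What it makes visible is the property the thesis relies on: once the sensor has flushed the wrapping key, whether after five failed matches, 48 idle hours or a reboot, the passcode is the only remaining way back to the derived key, so the passcode's entropy bounds the attacker's work no matter how Touch ID is used.

```python
"""Executable model of the Touch ID key-wrapping flow (Section 2.2, Figure 2.1).
Added example, not the thesis's or Apple's code. Model assumptions: PBKDF2 with a
fixed stand-in for the hardware key derives the passcode key, the wrap is an XOR
with a random 32-byte wrapping key, a fingerprint is a byte string matched against
one enrolled template, and the 48-hour window counts from when the sensor got the key."""
import hashlib
import hmac
import secrets

MAX_FAILED_MATCHES = 5        # Section 2.2
MAX_IDLE_SECONDS = 48 * 3600  # Section 2.2
DEVICE_KEY = b"model-stand-in-for-hardware-key"  # assumption, not a real device key


def derive_key(passcode: str) -> bytes:
    """Key derived from the unlocking secret and the device key (model)."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), DEVICE_KEY, 10_000, 32)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class TouchIDSensor:
    """Holds the wrapping key between lock and unlock; flushes it after
    MAX_FAILED_MATCHES misses, MAX_IDLE_SECONDS idle, or a reboot."""

    def __init__(self, template: bytes):
        self._template, self._key, self._failures, self._stored_at = template, None, 0, 0.0

    def store(self, key: bytes, now: float) -> None:
        self._key, self._failures, self._stored_at = key, 0, now

    def flush(self) -> None:
        self._key = None

    def release(self, fingerprint: bytes, now: float):
        """Return the wrapping key on a match, None otherwise."""
        if self._key is not None and now - self._stored_at > MAX_IDLE_SECONDS:
            self.flush()
        if self._key is None:
            return None
        if not hmac.compare_digest(fingerprint, self._template):
            self._failures += 1
            if self._failures >= MAX_FAILED_MATCHES:
                self.flush()
            return None
        return self._key


class Device:
    def __init__(self, passcode: str, template: bytes):
        self.sensor = TouchIDSensor(template)
        self._verifier = hashlib.sha256(derive_key(passcode)).digest()  # model check
        self._derived = self._wrapped = None  # derived key (RAM, unlocked only) / wrapped copy (locked)
        self.unlocked = False

    def unlock_with_passcode(self, passcode: str) -> bool:
        key = derive_key(passcode)
        if not hmac.compare_digest(hashlib.sha256(key).digest(), self._verifier):
            return False
        self._derived, self._wrapped, self.unlocked = key, None, True
        return True

    def lock(self, now: float) -> None:
        """Wrap the derived key, hand the wrapping key to the sensor, forget the rest."""
        if self._derived is None:
            return
        wrapping_key = secrets.token_bytes(32)
        self._wrapped = xor(self._derived, wrapping_key)
        self.sensor.store(wrapping_key, now)
        self._derived, self.unlocked = None, False

    def unlock_with_fingerprint(self, fingerprint: bytes, now: float) -> bool:
        """Steps 1-3 of Figure 2.1; dead once the sensor has flushed the key."""
        if self.unlocked or self._wrapped is None:
            return self.unlocked
        wrapping_key = self.sensor.release(fingerprint, now)
        if wrapping_key is None:
            return False
        self._derived, self.unlocked = xor(self._wrapped, wrapping_key), True
        return True

    def reboot(self) -> None:
        self.sensor.flush()
        self._derived, self._wrapped, self.unlocked = None, None, False


def walkthrough() -> dict:
    """Constructed scenario exercising each rule; returns the unlock outcomes."""
    owner, stranger = b"owner-template", b"someone-else"
    d = Device("1234", owner)
    d.unlock_with_passcode("1234")
    d.lock(now=0)
    out = {"match": d.unlock_with_fingerprint(owner, now=60)}
    d.lock(now=120)
    out["idle_48h"] = d.unlock_with_fingerprint(owner, now=120 + MAX_IDLE_SECONDS + 1)
    out["passcode_after_idle"] = d.unlock_with_passcode("1234")
    d.lock(now=200)
    for _ in range(MAX_FAILED_MATCHES):
        d.unlock_with_fingerprint(stranger, now=201)
    out["after_5_failures"] = d.unlock_with_fingerprint(owner, now=202)
    d.unlock_with_passcode("1234")
    d.lock(now=300)
    d.reboot()
    out["after_reboot"] = d.unlock_with_fingerprint(owner, now=301)
    return out
```

Running walkthrough() yields match True, idle_48h False, passcode_after_idle True, after_5_failures False and after_reboot False: the fingerprint path works only while the sensor still holds the wrapping key, and in every other state the device falls back to the passcode.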
That is, zero-order entropy measures the size of the whole search space of all possible passwords for a given length and alphabet, under the assumption that each character is selected independently of all previous ones.

Of course, zero-order entropy as a metric suffers from several limitations. The most important one is that it does not measure password strength accurately. Recent research has shown that users tend to select highly predictable passwords and often use dictionary words [9, 16]. Such predictability makes the effective search space smaller, i.e., the attacker’s work easier. This implies that zero-order entropy measures an upper bound on the attacker’s work, i.e., it overestimates the workload.

Even considering its limitations, we decided to use zero-order entropy for password strength comparison in our study for several reasons. First, evaluating a password’s guessability requires access to plaintext passwords, which we did not have for ethical reasons. Second, zero-order entropy served the purpose of our study well, namely comparing the two groups, with and without Touch ID, in terms of the work the attacker needs to do. Finally, the results of our study showed that even if we overestimate password strength, the actual workload for a brute-forcing attacker is still practical.

Chapter 3 Literature Review

Authentication mechanisms have been studied extensively for many years [8, 26]; however, text-based passwords remain the most commonly used authentication mechanism and security’s weakest link [9, 22, 27]. Florencio and Herley [16, 17] conducted a study of web password use and reuse with half a million users over a three-month period. Their results suggest that web users employ and re-use low-entropy passwords on websites. Weir et al. [41] analyzed a set of leaked passwords. The authors showed that popular passwords were also weak and that “123456” was very common among users.
To prevent users from choosing passwords that are too easy for an attacker to guess, system administrators often enforce password-composition policies [27]. A policy might require users to use a password that contains non-alphanumeric symbols, lower- and upper-case letters, and numbers. Using a too strict password policy, however, might backfire and push users to write down passwords or store them on other devices [27].

Two recent studies examined smartphone locking behaviour using conventional authentication mechanisms. Harbach et al. found that users activate their phones 85 times and unlock their phones 50 times per day on average, and that most users did not see any threat to the data on their phone [21]. Egelman et al. also found a strong correlation between locking behaviour and risk perception, but the authors believe that users’ risk perception underestimates the actual dangers [13]. In contrast to these papers, we focused on the reasons for stronger passcodes not being used when Touch ID is available.

A different authentication modality, biometrics-based authentication, has also received a lot of attention from the research community [2, 30, 39]. If used, biometric authentication methods could remedy common drawbacks of text-based passwords; for example, users do not need to remember anything [7]. Although, as has been shown, the usability of a biometric system is still an important factor in adoption [34, 38]. The results of De Luca et al.’s study show that usability is one of the main factors that influence a user’s decision on whether or not to use smartphone biometric authentication [12]. Crawford and Renaud’s [11] study revealed that users were willing to try biometric authentication mainly for its usability benefits. In addition, Breitinger et al. [10] showed that 87% of users were in favour of fingerprint authentication.
Wimberly and Liebrock observed that the presence of a second factor in a two-factor authentication system caused users to pick weaker credentials than if only passwords were used to protect an account [42]. In contrast, our work focuses on how the Touch ID sensor impacts users’ choice of iPhone unlocking authentication secret in a single-factor authentication system.

Indeed, there are many reasons to use fingerprints for authentication. To start with, a fingerprint is unique to each individual, and it is almost impossible to find two people with an identical fingerprint pattern [4]. Individuals’ fingerprint patterns do not change during their life span [40]. A fingerprint sensor can benefit both security and user convenience if used in smartphones [19]. There are many limitations to smartphones’ screen size and keyboards [19, 25]. Finally, text entry on constrained keyboards is error-prone, time-consuming and frustrating. In particular, Lee and Zhai showed that the error rate for typing on virtual keyboards, i.e., keyboards drawn on a screen, is 8% higher than on hardware keyboards of general-purpose computers [28]. Furthermore, Bao et al. [6] found that the average typing speed for an 8-character alphanumeric password on desktop computers was 17 words per minute (w.p.m.), while on a mobile device it was 6 w.p.m., i.e., almost three times slower.

Recent research shows that users tend to use 4-digit PINs over alphanumeric passwords on smartphones [24, 32]. Users justified this choice by how easy PIN-codes are to use when one has to type them frequently for day-to-day activities. Unfortunately, it is clear today that a 4-digit PIN provides virtually no security for data-at-rest [4, 37]. To make matters worse, even within the 4-digit PIN search space, users select highly predictable ones. For instance, Amitay [3] analyzed over 200,000 iPhone PINs and showed that “1234” is the most common PIN, followed by “0000” and “2580”.
Considering that an iPhone allows up to 10 attempts to unlock the device through the user interface before erasing the data, one can try the top 10 PIN-codes and still achieve a 15% success rate. That is, about one in seven iPhones can be unlocked by just trying the top 10 PIN-codes. The main intuition behind the design of the Touch ID sensor was to reduce the number of times a user must type her authentication secret to unlock the device [4]. Bhagavatula et al. found that most Touch ID users perceive it as more usable and secure than a PIN [7]. To the best of our knowledge, we are the first to assess whether users take advantage of the Touch ID sensor and increase the entropy of their iPhone unlock secrets.

Chapter 4 Research Question and Hypotheses

The main research question (RQM) of our study is “How does the availability of the Touch ID sensor impact users’ selection of unlocking authentication secrets?” To answer this question we formulated the following hypotheses to be tested:

• Hnull1 – Use of Touch ID has no effect on the entropy of authentication secrets used for iPhone locking.
• Halt1 – Use of Touch ID affects the entropy of authentication secrets used for iPhone locking.
• Hnull2 – Availability of Touch ID has no effect on the ratio of users who lock their iPhones.
• Halt2 – Availability of Touch ID increases the ratio of users who lock their iPhones.

To answer RQM we conducted three user studies. We started with a study based on in-person surveys. This study allowed us to get a first glance at our hypotheses, clarify areas we lacked understanding of and focus our future studies. Once we had tested our hypotheses in the first study, we followed it with a focused interview-based study. The main focus of the second study was to fill our knowledge gap in users’ reasoning for not adopting stronger authentication secrets with Touch ID. The results of this study allowed us to gain insight into why users still use PIN-codes, even when the Touch ID sensor is available.
Finally, to corroborate our data and measure the relevance of the different reasons for the use of weak authentication secrets obtained from the second study, we conducted the third study in the form of an online survey. This study gave us a larger and more diverse subject pool for testing our set of hypotheses and provided descriptive statistics on reasons for using weak unlocking authentication secrets.

Chapter 5
Study 1 – In-person Survey

5.1 Methodology

In our first study, we chose to use an in-person survey of iPhone users in order to take a first attempt at the set of hypotheses. The in-person nature of the study not only allowed us to follow up unforeseen answers with additional questions, but also gave us an opportunity to validate most of the answers provided by subjects. We strove to recruit a diverse pool of subjects, hence we approached our participants in common public places, such as shopping malls and coffee shops. Each subject signed a consent form and received $10 as compensation for participation.

5.1.1 Study Design

To facilitate faster data collection in public locations with limited and unreliable access to the Internet, we developed an iPad application, which showed survey questions to users and collected responses. All answers were stored locally. For some of the questions we also validated subjects’ answers by asking participants to show us the item in question. For example, we validated the type of authentication method used by asking them to show us the lock screen, and we validated the length of the alphanumeric password by asking subjects to show us the unlock screen after the password had been typed but before the participant pressed the Enter button. This allowed us to count the number of stars in the password field, which validated the password length. In addition, subjects were asked to navigate to the settings of the auto-lock screen. This allowed us to validate the auto-lock value.
Finally, by asking subjects to unlock their device with a fingerprint we were able to confirm that they indeed used the Touch ID sensor.

Most of the survey questions were either open-ended or contained the option “Other”, which allowed subjects to provide their own answer if needed. The questionnaire guide is provided in Appendix A and consists of the following parts:

1. Part 1 – Demographic questions (e.g., age, gender, education, income, occupation).
2. Part 2 – Questions related to security and privacy concerns, e.g., we asked subjects if they had any sensitive, private or valuable information on their iPhones.
3. Part 3 – Questions on the experience subjects had thus far with their smartphones, including whether they used smartphone locks on previous smartphones.
4. Part 4 – Password metrics questions. In this part, we asked subjects to provide us with the structure of their unlocking passwords. In order to preserve the confidentiality of the plaintext passwords, participants substituted each character in their passwords with a character-type mnemonic. For digits the letter ’D’ was used, for lower-case letters we used the letter ’L’, for upper-case letters we used the character ’U’, and finally, for special characters the letter ’S’ was used. For example, the password “12pA@” would be presented as the string “DDLUS”. A screenshot of this question is shown in Figure 5.1. We chose this approach for two reasons. First, it allowed us to assess entropy. Second, this approach did not require us to have access to the plaintext unlocking authentication secret.
5. Part 5a – This section was only relevant for iPhone 5s, 6 and 6 Plus owners. In this section, we asked questions related to Touch ID’s usability and reasons for its adoption.
6. Part 5b – This section was only relevant for the owners of the iPhone 5 and earlier models. There, we asked subjects about their perception of biometric authentication methods such as Touch ID.

In order to test our questionnaire, we conducted a pilot study with 12 participants.
Based on the results of the pilot study we revised the survey application and modified several questions in the questionnaire. Most of the changes we made were aimed at improving the questions’ readability.

5.1.2 Participant Recruitment

We recruited participants in public places such as shopping malls, libraries and coffee shops in the downtown area of Vancouver. We approached prospective participants who had iPhones with them and offered them to participate in our study. We chose this recruitment method mainly because we were interested in the general population of iPhone users. We recruited subjects who were iPhone users and 19 years old or older. Although the main focus of our study was the Touch ID sensor (iPhone 5S, 6 and 6+ owners), we also recruited subjects with older models, such as the iPhone 5 and older. Subjects that used the Touch ID sensor were grouped into the Touch ID group while the rest were grouped into the non-Touch ID group. Note that even iPhone 5S, 6 and 6+ users were assigned to the non-Touch ID group if they did not use the Touch ID sensor.

Figure 5.1: In-person survey’s password structure question.

5.2 Results

In this section, we report the results of the in-person survey study. We first report participants’ demographics, then provide findings for all subjects and for each group separately. Finally, we report the results of statistical tests for H1 and H2.

5.2.1 Participant Demographics

Overall, we recruited 93 subjects. We, however, had to exclude 3 subjects who failed password length verification. Thus, the results presented in this section are based on 90 participants.

Out of 90 participants, 32 were female. The minimum and maximum age was 19 and 71 years, and the average age was M = 29 (SD = 12). Among all subjects, 41 used the Touch ID sensor and 49 did not. The majority of our participants were experienced iPhone users, i.e., they had owned an iPhone for more than two years. Only 12 subjects had owned iPhones for less than a year.
Almost all of the subjects (81) had owned another smartphone before the current one. Most of our subjects (69) stated that they unlock their iPhones at least once per hour. In addition, we found that 32 subjects had lost their smartphones before, and 15 subjects were victims of smartphone theft. On average, subjects completed the survey in around 5.5 minutes (SD = 2 minutes) in the non-Touch ID group, and in around 7 minutes (SD = 3 minutes) in the Touch ID group. A demographics summary is provided in Table 5.1.

5.2.2 Reasons To Lock Or Not To

Overall we found that subjects used various reasoning to justify locking or not locking their iPhone. Some of the reasons were driven by a possible attacker, e.g., 58 subjects locked their devices to restrain strangers from using their iPhone, 4 subjects locked their phone to protect their data if they get mugged, and 23 subjects used the device lock to control access to their device by their family or friends. In addition, we saw that some subjects used social behavior to justify locking, e.g., 12 subjects said that they lock their device because their friends did the same.

Other reasons were focused either on usability problems of device locking, voiced mainly by those who did not lock their device, or on the necessity to have certain features that were either enabled or prevented by device locking. The four subjects who did not lock their device stated the following reasons: (a) locking a phone makes it impossible to use it in emergency cases, (b) locking an iPhone makes it impossible to contact the owner in case the device is lost, and, finally, (c) the unlocking process takes too much time. Only two subjects, out of the four who did not lock their iPhones, stated that they did not care about the security of their data.

5.2.3 Use of PINs and Passwords

Out of the 90 subjects, 86 locked their phones, with 66 employing 4-digit PIN-codes and 20 using alphanumeric passwords.
A third of the subjects (36) used the same PIN or password for their iPhones as they had used on their previous smartphones. In addition, 52 subjects stated that they shared their unlocking authentication secret with someone else, and 53 stated that they knew the unlocking authentication secret of other smartphone users.

Table 5.1: Demographics of In-person Survey Participants

Parameter                 Property                       Participants    %
Gender                    Female                         30              34
                          Male                           60              66
Age                       19-24                          43              48
                          25-34                          29              32
                          35-44                          8               9
                          45-54                          2               2
                          55-64                          6               7
                          65+                            2               2
Education                 High school                    30              34
                          College degree                 22              24
                          Bachelor                       28              31
                          Master or PhD                  7               8
                          Other                          3               3
Income                    Less than 20K                  25              28
                          20K-50K                        29              32
                          50K-80K                        16              18
                          80K-120K                       8               9
                          Above 120K                     5               6
                          Prefer not to answer           7               8
Industry                  Construction                   2               2
                          Trade                          2               2
                          Transportation                 3               3
                          Finance and real estate        7               8
                          Professional services          5               6
                          Business and building          11              12
                          Educational services           4               4
                          Health care and social         5               6
                          Inform./culture/recreation     3               3
                          Accomm./food services          6               7
                          Public administration          1               1
                          Other                          45              41
iPhone Ownership (years)  0-1                            12              13
                          1-2                            18              20
                          2-3                            24              27
                          3+                             36              40
Frequency of unlocking    Once a day                     3               3
                          Few times a day                11              12
                          Once per hour                  12              13
                          Few times per hour             57              64
                          I have no idea                 7               8
Locking method            PIN-code                       66              73
                          Password                       20              22
                          None                           4               5

5.2.4 Touch ID Group

The Touch ID group included 41 subjects, with 29 of them using 4-digit PIN-codes. The majority of them agreed that they liked using Touch ID. In particular, 26 participants found that setting up Touch ID was easy or very easy and 29 subjects stated that using Touch ID was easy or very easy (see Appendix A.6). The majority of the participants (30) had never had any issues with Touch ID. Overall, Touch ID users thought of Touch ID as a convenient, secure, quick and easy to use unlocking mechanism.

Touch ID subjects also voiced their concerns with the fingerprint scanning sensor. In particular, three participants had problems with sharing their iPhones. Others saw the Touch ID sensor as a threat due to the ability of an attacker to unlock the device while the owner is sleeping (e.g., P9: “... [I] might be sleeping and someone might use my finger to unlock [my iPhone] ...”)¹. Some subjects were even afraid that an attacker might fake their fingerprints in order to access the device later. Seven participants worried about the privacy of their fingerprints, due to the lack of clarity on whether Apple stores their fingerprints somewhere else. For example, one of the subjects (P11) stated that she was afraid of “Apple leaking my fingerprint and someone can impersonate me” and “fingerprint being used for other purposes than to just unlock my phone”.

5.2.5 Non-Touch ID Group

The non-Touch ID group included 49 subjects, of whom 4 did not lock their phones, 37 used PIN-codes and eight used passwords as their unlocking authentication secret. Out of 49 subjects, 13 had Touch ID available but did not use it.

We observed that participants perceived fingerprint authentication as a security improvement. For example: “anyone can figure out a password but people can’t copy your fingerprint” (P69), “additional security”, “for those with sensitive info on phones more security is desirable” (P78), “it is easy, accurate and secure” (P5), “it’s safer” (P19), “more secure than 4 digit password” (P33), “no one can fake my fingers” (P98), “I will use Touch ID so my friends don’t get in my phone” (P45). Although their iPhones did not have fingerprint scanners, more than one-third of participants believed that Touch ID is the most secure unlocking method.
Surprisingly, only three participants from the non-Touch ID group were willing to use a longer alphanumeric password alongside Touch ID.

¹ Exactly such a story happened recently, when a son unlocked his father’s iPhone with his father’s large thumb while the father was sleeping (http://money.cnn.com/2014/12/01/technology/security/apple-iphone-encryption-fingerprint).

Table 5.2: Average Entropies of Unlocking Authentication Secrets for Touch ID and non-Touch ID Groups.

        Touch ID      Non-Touch ID
Mean    15.88 bits    15.61 bits
SD      6.93 bits     7.45 bits
N       41            49

5.2.6 Hypothesis Testing

To test H1 we first compared the proportions of users that use PIN-codes and passwords in both groups. Then we compared the mean values of entropies in both groups. Analysis of proportions did not reveal any statistically significant difference (χ-squared = 1.01, p = 0.32). In order to compare the mean values of entropies in both groups we used the masks that subjects provided to obtain the length of the authentication secret and the alphabet size, which were then used for the entropy calculation. The results of the Mann-Whitney U test for 2 samples (Touch ID and non-Touch ID groups) did not reveal any statistically significant difference between the mean values of entropies in both groups (W = 15708, p = 0.70, see Table 5.2). Thus, we were unable to reject Hnull1.

In addition, statistical analysis of the mean values of entropies gave us a confidence interval, i.e., the possible interval of the difference. This allowed us to assess the biggest possible difference in entropies in case a statistically significant difference were found by recruiting a larger participant pool.
In this case the 95% confidence interval for the difference between the means was from -3.35 up to 2.81, or 3.35 bits at most.

If we consider a hypothetical scenario in which the Touch ID group has higher entropy, and we simply failed to determine that due to the small size of the subject pool, then, considering the observed mean entropy value of 15.88 bits, we can obtain the maximum possible entropy for the group, which is 19.23 bits. Taking into account the design of data encryption in iPhones, i.e., that each password candidate check takes at least 80 ms, we can estimate how long an average authentication secret of 19.23 bits of entropy would protect data-at-rest, which corresponds to roughly 14 hours. In comparison, the non-Touch ID group’s passwords on average provide protection for only 1.1 hours.

We tested the H2 hypothesis with a Chi-squared test (χ-squared = 0, p = 1.0). We were unable to reject Hnull2, and hence we conclude that our study did not show any effect of Touch ID on users’ preference to lock their iPhone.

5.3 Limitations

Although we failed to find any statistically significant difference in password selection between the Touch ID and non-Touch ID groups, there were several limitations which might have impacted the outcome. First, we might not have obtained a large enough sample size, and there was still a fairly large bias towards the 19-34 age group. The U.S. Mobile Report found that over 43% of iPhone users are younger than 34². Second, although we did not show any difference between the two groups’ selection of the unlocking password, we cannot explain that phenomenon from the data we collected in the survey. Third, we did not collect data on our participants’ level of technical expertise or security knowledge. That is why we decided to proceed with a focused interview-based study, in order to improve our understanding of the reasons users choose to use 4-digit PIN-codes, which are usually weaker than passwords.

² The U.S. Mobile App Report ’14, https://www.comscore.com/Insights/Presentations-and-Whitepapers/2014/The-US-Mobile-App-Report

Chapter 6
Study 2 – Interviews

We followed the in-person study with an interview study to gain a better understanding of the factors that impact users’ decisions on which authentication method to use in conjunction with Touch ID. Our main objective was to answer the following research question (RQ1): “Why do Touch ID users not employ stronger authentication secrets for smartphone locking?” Answering RQ1 gave us a better understanding of users’ justification for using a specific authentication method, i.e., a password or a PIN-code.

6.1 Methodology

We designed our study with a focus on qualitative data collection. We used semi-structured interviews since they gave us the freedom to deviate in cases when new topics emerged. We used theoretical sampling, rather than random sampling, because we were interested in the richness of the subjects’ answers, rather than in the demographic diversity of the participants. Each participant was paid $10 for a 20-minute interview. A pilot study with eight participants revealed the necessity for real-life scenarios in several questions. We randomized the order of interview questions to mitigate question order bias.

The first two interviews were conducted by two researchers together in order to ensure that all important questions were asked and well understood by the subjects. We audio recorded all interviews and two researchers coded each interview independently. After each coding, the coders discussed their disagreements until they reached consensus. Overall, we coded 211 responses into 55 unique codes. Researchers disagreed on the coding of 5 responses, achieving an inter-rater agreement of 91%¹.

¹ Many of the questions had different codes. That is why we did not calculate Cohen’s Kappa for each question.

Figure 6.1: Number of unique codes for each additional subject. We reached saturation around the 17th subject.

6.1.1 Participant Recruitment

We recruited subjects by directly approaching them in public places such as shopping malls, libraries and coffee shops in Vancouver. Our inclusion criteria were subjects 19 years or older who used Touch ID on their iPhones. After the 17th interview, we did not observe any new codes and decided to stop interviews after the 21st. Saturation analysis of new concepts for each additional subject is shown in Figure 6.1.

6.1.2 Procedure

After agreeing to be interviewed and showing us their iPhone 5s, 6 or 6 Plus, each participant read and signed a consent form. The interviewer explained that the purpose of the interview was to investigate how users interact with their iPhones. Interviews followed the interview guide reproduced in Appendix B and consisted of the following parts:

1. Using Touch ID: In the first part of the interviews, we asked participants to describe why they use Touch ID, how they thought Touch ID works, whether it’s possible to use Touch ID without setting up a PIN or password, and why and how Touch ID impacts the iPhone’s security in case the phone gets stolen.
2. Locking Behavior: We asked participants whether they locked their iPhones or not and also what method they used (PIN or password). We verified their answers by asking them to unlock their iPhones. We asked them why they chose to use a PIN, not a password, or why they chose to use a password, not a PIN. We also asked participants about their password sharing behavior.
3. iPhone Data: In this part of the interviews, we asked participants what the most valuable data on their iPhones was, what data they considered to be confidential or sensitive and who they cared about protecting their data against.
4. Data Protection: We asked participants for how long they wanted their data to be protected in case their iPhones get stolen.

6.2 Results

6.2.1 Participant Demographics

Overall, we recruited 21 subjects.
Out of 21 participants, 10 were female, and the average age was 29 (SD = 12.4). Only one participant used a password, while all others used a PIN. All participants had owned an iPhone for over one year. Almost all subjects had owned another smartphone before the current one. In addition, 16 participants had lost their smartphones before, including six participants that were victims of smartphone theft. Participant demographics are summarized in Table 6.1.

6.2.2 Reasons for Using PIN-codes

The most common reason for using 4-digit PIN-codes was a wrong perception of Touch ID’s impact on data security when a device is lost or stolen. In particular, nine participants did not understand how Touch ID works, which led to confusion about the dependency between PIN-codes or passwords and Touch ID. They assumed that Touch ID “somehow” protects data-at-rest when a device is stolen, i.e., would not allow data to be decrypted without a correct fingerprint.

P1 – “I guess Touch ID will protect my phone. They cannot open my phone without my finger. So it [Touch ID] will definitely help.”

Table 6.1: Demographics of Interviewed Participants

Parameter                      Property                               Participants
Gender                         Male                                   11
                               Female                                 10
Age                            19-24                                  7
                               25-30                                  4
                               31-35                                  2
                               36-40                                  2
                               41-45                                  3
                               46-50                                  3
Education                      High School                            5
                               Professional School or College Degree  5
                               Bachelor                               8
                               Master or PhD                          3
Household income               Less than 20K                          2
                               20K-50K                                3
                               50K-80K                                7
                               80K-120K                               6
                               Prefer not to answer                   3
Occupation sector              Food and service                       1
                               Security                               1
                               Construction                           2
                               Non-profit                             1
                               Sale and Retail                        3
                               Parks and recreation                   1
                               Hospitality                            2
                               Banking                                2
                               Biotech                                1
                               Education                              2
                               Parking industry                       1
                               Fundraising                            1
                               IT industry                            2
                               Health research                        1
                               Software                               2
                               Student                                2
                               Unemployed                             1
Lost smartphone                Yes                                    16
                               No                                     5
Victim of smartphone theft     Yes                                    6
                               No                                     15

Further evidence of subjects’ confusion was that they wrongly perceived the combination of Touch ID and a PIN-code as providing higher security to data-at-rest in comparison to a PIN-code without Touch ID.
Furthermore, some subjects ranked Touch ID even higher than a password in terms of security. For instance:

P3 – “Touch ID is more secure than PIN or password because it’s unique for the owner”

Finally, some subjects were certain that PIN-codes provided higher security than passwords. For example:

P11 – “people often choose their dogs’ names or middle names or something similar as their passwords”

The second most common factor for using a PIN-code was lack of knowledge of the ability to use alphanumeric passwords. Six participants were not aware that they could use an alphanumeric password for unlocking their iPhones. For instance:

P4 – “Really? I even did not know that you could do this [use a password]. That is good to know. I will look at it today”

Several subjects (2) stated that they used PIN-codes because Apple representatives helped them to set up their iPhones and showed them only how to set up a PIN-code:

P5 – “When I bought my iPhone, they asked me to set up a PIN. That is why I am using PIN”

P14 – “They [Apple store customer service employee] only gave me a PIN code option”

Five subjects also admitted that they had become habituated to using PIN-codes on their previous devices, so they continued to use PIN-codes on the new iPhone. In addition, subjects also stated that they did not want to remember a new password, so they just decided to use the old PIN-code on the new device:

P1 – “because on my old phone I was lazy to think about password back then so now I just stuck with PIN. There is really no major reason; it is just the way it is. I am just too used to this number and I am just too lazy to memorize a new set of numbers”.

Unsurprisingly, subjects also stated that they decided to use a PIN-code because it is easier to use, faster to type and easier to remember in comparison to passwords. Five participants stated that they did not store any sensitive information on their iPhones, hence they did not care about the extra level of security a password can provide.
They believed that a PIN-code is good enough to protect their phones and did not see a reason to switch to passwords. Seven subjects reused their PIN-code across multiple devices or accounts in order to reduce the amount of information they need to remember.

P15 – “PIN is easier. I do not want to type the whole password in. If I lose my phone, it is not a big deal for me. There is nothing important on it”

Finally, subjects also stated that they share their PIN-codes with someone else, and PIN-codes are easier to share than passwords:

P8 – “Simplicity I guess. As I said before, I am not the only person who uses my iPhone. So PIN is easy of access for other users. It is easier to give someone 1234 PIN than ’Charlie-unicorn’ is weird, capitals, asterisks, etcetera”

In summary, subjects provided various reasons for sticking with PIN-codes. In particular, some participants did not know that they could use alphanumeric passwords; others stated that they had been helped by Apple salespersons at the shop and were only shown how to use PIN-codes. Participants also did not understand how Touch ID works and how it impacts the security of data-at-rest in cases when a phone is stolen or lost. Other subjects were habituated to using PIN-codes from previous devices or wanted to reuse a PIN-code among various devices and accounts. Understandably, subjects stressed the usability benefits of PIN-codes over passwords as one of the reasons to use the former. In particular, they stated that PIN-codes are faster, easier to use, share and memorize. Finally, some subjects justified the use of PIN-codes by the fact that they had low security requirements for the data on their iPhones.

6.2.3 Security Lock Sharing Behaviour

Eight subjects stated that they share their PIN-codes or passwords.
They justified it by several reasons. First, a subject explained that they were pushed to share the unlocking secret:

P2 – “I share with my girlfriend because she forced me to!”

Second, participants trusted others with their data, and thus shared the PIN-code or password:

P19 – “I share with my boyfriend because I trust him and sometimes he uses my phone too”

P10 – “I share it with my best friend because I trust her and if she has my phone and needs to look at it, she can do that”

Finally, subjects shared their unlocking authentication secrets with others because of concerns about emergency cases, where someone needs to use their phone.

P9 – “I share with my girlfriend because if something happens with me, at least she knows the code and can unlock the device”

To summarize, subjects shared their PIN-codes and passwords because of concerns about emergency cases when someone needs to use their phone, or because they trusted other people with the security of their data, or because they were pushed to share their secrets.

6.3 Limitations

There are several limitations in this study. First, we used theoretical sampling and aimed for theoretical saturation rather than for random sampling and representative data; thus, we cannot make any conclusions on the prevalence of different reasons among the general population. Second, the results of the study might have been impacted by researcher bias. We strove to minimize this effect by using separate coders and discussing the disagreements. Finally, subjects might have misunderstood some questions. To reduce the chances of such misunderstanding we conducted a pilot study with eight subjects, with the main purpose of validating how understandable the questions were.

Chapter 7
Study 3 – Online Survey on MTurk

Although the interview study provided us with rich qualitative data, it did not allow us to measure the prevalence of the reasons subjects used to explain why they did not use stronger authentication secrets for device locking.
That is why, in the final study, we decided to use an online survey in order to (a) recruit a larger and more representative sample, (b) improve the statistical power of the first study, and, finally, (c) measure the prevalence of the reasons why users did not employ stronger authentication secrets.

7.1 Methodology

The methodology of the online survey study closely resembles the structure of the in-person survey that we conducted in study 1 (see Section 5.1 for more details). We extended the initial questionnaire by adding questions that allowed us to answer RQM. All questions that we asked in the online survey are provided in Appendix C. In contrast to the interview study, answering RQM through an online survey gave us the opportunity to collect descriptive statistics on the reasons why users did not use stronger secrets for device unlocking.

We recruited subjects on Mechanical Turk (MTurk) [23] between February and March 2015. We limited MTurk workers to US subjects only with a HIT approval rate above 90%. Before running the study we conducted a pilot study with 149 subjects in order to make sure that we collected data properly and that the survey questions did not have any significant wording issues. We paid $1.00 to each subject.

In comparison with the in-person study, we were not able to validate whether a subject had an iPhone and used the locking mechanism she claimed to use. To mitigate this concern, as a part of the survey, subjects were asked to submit two photos: (1) a photo of the iPhone’s reflection in a mirror taken with the front-facing camera, and (2) a screenshot of the unlocking interface. Examples of verification photos are shown in Figure 7.1.

Figure 7.1: Examples of verification photos that subjects sent us. From left to right, (1) a photo of an iPhone taken with the front facing camera in a mirror, (2) a screenshot of the PIN-code based iPhone unlock interface, and (3) a screenshot of the password-based iPhone unlock interface.
We later used these photos to validate the claimed iPhone model (i.e., iPhone 4, 4S, 5S, etc.) and locking mechanism. In addition, we also asked subjects to provide us with the model number, e.g., ME302C/A¹, which has a one-to-one correspondence with the marketed model, e.g., iPhone 5S. We excluded all subjects that either did not provide us with photos or who provided photos that did not match their choices in the survey. Finally, we also used an attention check question, similarly to the in-person survey, in order to check if a subject had read the instructions carefully. We excluded all the subjects that failed the attention check question.

¹ The model can be found in the iPhone’s Settings > General > About > Model field.

7.2 Results

7.2.1 Participant Demographics

Overall, 698 participants started the survey in the non-Touch ID group, and 550 finished it. On average it took about 16.3 minutes to finish the survey for non-Touch ID subjects (SD = 7.5 minutes). Note, we excluded seven subjects that took more than an hour to finish the survey. 317 subjects failed to submit correct photos of the iPhone and screenshots of the locking interface, which left us with 199 eligible subjects. Finally, 25 out of 225 subjects failed the attention check question, which reduced the non-Touch ID group size to 201 subjects, or about 33% of subjects that finished the survey.

For the Touch ID group, 521 subjects started the survey, and 445 finished it. On average it took about 15.7 minutes for subjects to finish the study (s = 6.2 minutes). Similarly, we excluded five subjects that took over an hour to finish the study, all the subjects that failed to submit proper proof of an iPhone and a locking mechanism screenshot, and all the subjects who failed the attention check question. This reduced our subject pool down to 173 subjects.

Participants’ demographics, shown in Table 7.1, suggest that we recruited subjects from various occupations, ranging from agriculture to public administration.
The participants’ job titles also included various positions, such as managers, students, team leaders and others. Our subjects had diverse education levels, including 75 participants with a Ph.D. or Master’s degree. More than 50% of subjects were between 25 and 34 years old. Finally, our subjects had various income levels.

7.2.2 Testing H1

In H1 we hypothesized that, due to the usability of Touch ID, users would switch from PIN-codes to passwords with a bigger search space, in order to increase the time required for a brute-force attack. We first used a Chi-square test to check if the proportions of users who used PIN-codes and passwords in the two groups were different. The result of the statistical analysis did not reveal any statistically significant difference between the proportions of users who use PIN-codes or passwords in both groups (χ = 0.01, p = 0.92).

The 95% confidence interval for the difference between the mean entropies of authentication secrets in the two groups is [-1.91, +0.95]. That implies that, in case there is a difference and we just failed to show it due to small sample size, then with 95% confidence we can state that the difference between mean entropies in the Touch ID and non-Touch ID groups would be 1.91 bits at most. Analysis of the difference between mean entropies of authentication secrets in the non-Touch ID and Touch ID groups with a t-test did not reveal any statistically significant difference (t = -0.66, p = 0.51) between the non-Touch ID (M = 14.13 bits, s = 5.04) and Touch ID (M = 14.61 bits, s = 8.20) groups. The results of the statistical tests suggest that we could not reject Hnull1.

Similarly to study 1, we estimate the amount of work an attacker would need to do on average in order to brute-force the whole password space for the Touch ID group in the best case scenario for defenders, i.e., users.
Considering the observed average password entropy in the Touch ID group (14.61 bits) and the maximum possible difference between the Touch ID and non-Touch ID groups (1.91 bits), we can easily obtain the maximum possible average entropy in the Touch ID group, which is 16.52 bits². Considering that for testing each password candidate on iPhones an attacker must spend at least 80 ms, we showed that an attacker can brute-force the whole search space of 16.52 bits in size in about 2 hours.

7.2.3 Testing H2

Considering that the availability of Touch ID gives an alternative and usable way of unlocking an iPhone, we hypothesized that the availability of Touch ID might nudge more people to lock their devices (H2). In order to test this hypothesis, we split all 18 subjects in the non-Touch ID group who did not lock their device into those who had Touch ID (4) and those who did not (14). The results of the Chi-square test did not reveal any statistically significant difference (χ = 3.78, p = 0.05) between the proportions of users who lock their iPhones when Touch ID is available and those who lock their iPhones when Touch ID is not available.

7.2.4 Reasons for Using PIN-code

In both groups, we asked users for the reasons why they used a PIN-code rather than a password. A summary of participants’ answers is shown in Figure 7.2. Statistical analysis did not reveal any statistically significant difference in the distributions of answers between the two groups (χ-squared = 4.88, p = 0.85). Note that for this analysis we excluded the last option, i.e., “Touch ID is enough”, from both groups since it was only present in the Touch ID group.

The results of the statistical analysis suggested that users in both groups use similar reasons for using a PIN-code. We found that the top three reasons were either related to the usability of PIN-codes, i.e., “It is faster” and “It is easier to remember”, or to a gap in knowledge, i.e., “Did not know about the password”.
Finally, in the Touch ID group, more than 25% of subjects stated that Touch ID was good enough for them from the security perspective.

Figure 7.2: Reasons for using PIN-codes instead of passwords for each group.

Figure 7.3: Reasons for using Touch ID (n = 173).

7.2.5 Reasons for Using Touch ID

The summary of subjects’ answers is provided in Figure 7.3. Participants selected speed, convenience and ease of use as the top three justifications for using Touch ID. Furthermore, more than 50% of participants stated that the security that Touch ID provides was one of the reasons to use it. This suggests that the key factors that drive adoption of Touch ID originate in its usability. The security benefits that Touch ID provides are also important for the majority of the users.

Footnote 2: Again, this is an overestimation and the real difference in search spaces will be smaller. We chose to overestimate the search space to show the upper bound, i.e., the maximum work on average an attacker needs to do.

7.2.6 Who Users Lock Their iPhones Against

The distribution of participants’ answers to the question that asked who they locked their iPhone against is shown in Figure 7.4. Statistical analysis of the distributions between the two groups did not reveal any statistically significant difference (χ² = 9.98, p = 0.13). Interestingly, almost all subjects in both groups stated that they wanted to protect their device against strangers (see Appendix C.4 for the distribution between insiders and strangers). At the same time, subjects were also concerned with insiders. For instance, around 40% in both groups locked their device against co-workers, around 30% locked their phone against friends and family members, and around 20% locked their phones against classmates and roommates.
The results are in line with previously reported findings [32].

We also asked subjects for how long they would want their data to be protected in case someone steals their iPhone and tries to brute-force their password to decrypt the data. See Appendix C.1, question 27, for all the options that we gave to participants. Considering that (in Section 7.2.2) we showed that the entropy of subjects’ authentication secrets used for iPhone locks is around 15 bits, this corresponds to 44 minutes required to search through the whole password space. Surprisingly, we found that such protection met the expectations of only 12% of our participants, who did not expect data protection to last more than one hour. The remaining 88%, however, expected the data to be protected for more than an hour. In particular, 48% of subjects expected the data to be protected for at least 40 years or indefinitely. This shows that there is a discrepancy between the strength of participants’ secrets and their expectations about the level of security that these secrets can provide.

7.2.7 Authentication Secret Sharing Behaviour

We asked our subjects who they shared their iPhone locking authentication secrets with. The summary of the results is presented in Figure 7.5. We did not observe any statistically significant difference in sharing habits between the non-Touch ID and Touch ID groups (χ² = 3.00, p = 0.70); thus, in our report we combined both groups together.

Overall, we found that only 40% of subjects did not share their password with anyone. Others shared it to some extent with different categories of related people. In particular, more than 25% of subjects shared their password or PIN-code with a partner or other family members. About 10% of participants shared their password or PIN-code with friends, while almost no one shared their iPhone lock authentication secret with co-workers. In addition, 61% of all participants stated that they knew someone’s unlocking authentication secret.

Figure 7.4: Distribution of attackers who users lock their iPhones against, for the Touch ID group (n = 173) and for the non-Touch ID group (n = 201).

Figure 7.5: Distribution of sharing of the authentication secret for iPhone lock among different groups of people (n = 374).

7.3 Limitations

The main limitation of this study is having Mechanical Turk subjects take a picture of their phone and send us a screenshot. This requirement substantially biased our survey toward technical users. We tried to mitigate this limitation by providing detailed instructions on how to make a screenshot.

Table 7.1: Demographics of MTurk Participants and Distribution across Two Groups and Locking Authentication Method Used.

Parameter                         Property                                         Participants   %
Gender                            Male                                             154            41
                                  Female                                           220            59
Age                               18 to 24                                         110            29
                                  25 to 34                                         195            52
                                  35 to 44                                          49            13
                                  45 to 54                                          17             5
                                  55 to 64                                           2             1
                                  65 or older                                        1             0
Education                         Did not attend school                              0             0
                                  Graduated from high school                        19             5
                                  1 year of college                                 26             7
                                  2 years of college                                68            18
                                  3 years of college                                35             9
                                  Graduated from college                           136            36
                                  Some graduate school                              15             4
                                  Completed graduate school                         75            20
Income                            $0-$24,999                                        67            18
                                  $25,000-$49,999                                   97            26
                                  $50,000-$74,999                                   70            19
                                  $75,000-$99,999                                   65            17
                                  $100,000-$124,999                                 34             9
                                  $125,000-$149,999                                 17             5
                                  $150,000-$174,999                                  7             2
                                  $175,000-$199,999                                  3             1
                                  $200,000+                                         14             4
Industry                          Agriculture                                        1             0
                                  Forestry, fishing, mining, quarrying, oil, and gas 1             0
                                  Utilities                                          2             1
                                  Construction                                       8             2
                                  Manufacturing                                      7             2
                                  Trade                                              8             2
                                  Transportation                                     6             2
                                  Finance and real estate                           23             6
                                  Professional services                             67            17
                                  Business and building                             18             5
                                  Educational services                              51            13
                                  Health care and social                            52            13
                                  Inform./culture/recreation                        16             4
                                  Accomm./food services                             19             5
                                  Public administration                              9             2
                                  Other                                            106            27
Role                              Individual Contributor                           122            33
                                  Manager                                           46            12
                                  Senior Manager                                     7             2
                                  Regional Manager                                   0             0
                                  Vice President                                     0             0
                                  Management C Level                                 9             2
                                  Partner                                            5             1
                                  Owner                                             18             5
                                  Volunteer                                          4             1
                                  Intern                                            12             3
                                  Student                                           57            15
                                  Other                                             59            16
Victim of smartphone theft        Yes                                               43            11
                                  No                                               331            89
Experienced unauthorized access   Yes                                               38            10
                                  No                                               336            90
Group                             non-Touch ID                                     201
                                  Touch ID                                         173
Locked with PIN/Passw/None        non-Touch ID                                     177/6/18
                                  Touch ID                                         166/7/0

Chapter 8
Discussion

In this section we summarize our main findings. We first discuss the main result of the work, that is, the lack of impact of Touch ID on the entropy of unlocking authentication secrets. We then proceed with the discussion of the reasons why users do not take advantage of Touch ID and continue using 4-digit PIN-codes. Finally, we conclude with a discussion of possible approaches to address the low adoption of stronger passwords.

No Effect. Surprisingly, we did not find any statistically significant difference in the entropies of unlocking authentication secrets between users who use Touch ID and those who do not. In addition, the results of our study suggest that the availability of Touch ID does not increase the ratio of users who lock their devices. In the best case scenario for the defender, i.e., under the assumption that the use of Touch ID does increase the entropy by 1.91 bits (cf. Section 7.2.2), our estimates show that on average an attacker would need to spend around 2 hours to brute-force the whole password search space. However, considering the observed average entropies for both groups, i.e., around 15 bits, the attacker would only need 44 minutes to search through the whole password space. Such a short protection time meets the desires of only 12% of smartphone users.

Reasons to use 4-digit PIN-codes. The second and the third studies allowed us to get a better understanding of the reasons for sticking with 4-digit PINs. In particular, the results suggest that the main factors are a lack of awareness that passcodes are available and usability considerations. For instance, we found that more than 30% of subjects did not know that they can use alphanumeric passwords instead of a 4-digit PIN. Currently (iOS 8.3), one can only use a 4-digit PIN code during device initialization, even if the Touch ID sensor is set up. If a user wants to switch from a 4-digit PIN to a passcode, she must go through Settings after the iPhone is set up.
Even more, the interview study revealed that some users were helped by Apple Store salespersons with setting up the smartphone lock; hence, these users had never explored the passcode setup options.

The remaining subjects, approximately 70%, used 4-digit PINs due to the higher usability of PINs in comparison with alphanumeric passwords. For example, more than 50% of subjects stated that they used PINs as they are faster to type than alphanumeric passwords. Furthermore, approximately 45% of subjects used PINs since they are easier to remember. This suggests that more research is needed to find a usable password policy that allows users to create more memorable passwords, which they can type with acceptable speed and accuracy, while increasing password entropy. For instance, research similar to that of Komanduri et al. [27] can be conducted with a focus on smartphone unlocking.

Finally, we found that over 55% of users share their unlocking secrets with someone else, such as family members, friends, partners, etc. Subjects stressed that they shared the unlocking secret with someone to enable them to access the device in case of an emergency. In addition, subjects mentioned that they are concerned that locking a smartphone makes it almost impossible to call back the owner when the device is lost and found by a person who is willing to return it.

Recommendations. Considering that the user can only use a 4-digit PIN code during the setup of a new iPhone, including the latest models, Apple can allow or request users to create stronger passcodes when they set up Touch ID. We plan to investigate, in future work, a better user interface for the iPhone lock setup phase that increases the visibility of the available options for unlocking authentication secrets.

The results of the interview study suggest that the origin of such an imbalance lies in the lack of understanding of how Touch ID works and how it impacts the security of the data-at-rest.
In particular, users did not understand that Touch ID is just a shortcut in the unlocking procedure and has no impact on the physical security of their iPhones. One possible way to address this lack of understanding is by providing feedback to users during the authentication secret setup phase in terms of the time it takes to brute-force such a secret in case the phone gets stolen. We leave the investigation of improving the interface for choosing better authentication secrets for future work.

The second suggestion is to apply gamification methods, e.g., the user can get something (an app, music, a game, iCloud storage) for free as a reward for creating a better passcode. The third option is to show Touch ID users statistics on how often they actually used their PINs and suggest that they switch to a longer alphanumeric passcode. Also, in order to mitigate the problem of hard-to-remember, infrequently used passwords (see footnote 1), we can ask users to type the password once every 2-3 days, in locations where it is easy to do so, e.g., at home or in the office, but not on a bus, in a car, or while walking outside.

Finally, users should be able to make some features of their phones available without requiring a password. For instance, one should be able to access Health ID or to call designated numbers (e.g., the home number of the owner or his/her partner’s number) without unlocking the device.

Footnote 1: Items that are less frequently retrieved from human memory are harder to remember [5].

Chapter 9
Conclusion

In this work we presented our investigation of Touch ID’s impact on users’ selection of iPhone unlocking authentication secrets. To characterize the impact we conducted three user studies: (a) an in-person survey with 90 subjects, (b) an interview-based study with 21 participants, and (c) an online survey with 374 subjects. The results of the user studies did not reveal any impact of Touch ID on unlocking authentication secrets selection.
That is, users who use Touch ID and those who do not tend to select authentication secrets of similar entropy. In particular, we observed that the average entropy was 15 bits, which corresponds to 44 minutes of work for an attacker to brute-force the whole search space in order to find the correct password. Surprisingly, such a short protection time satisfied only 12% of users. The unsatisfied portion of participants misunderstood the impact of Touch ID on data-at-rest protection. In addition, we found that more than 30% of subjects did not know that they can use alphanumeric passwords to lock their iPhones.

Based on the results of our investigation, we suggest research directions to improve the awareness of Touch ID users of the impact of stronger passwords on data-at-rest security and to increase the visibility of the alphanumeric password option. We plan to investigate the proposed research directions in future research. There are several promising directions for future work. Considering that only 12% of users estimated the strength of their passcodes correctly, feedback on passcode strength can help them to create a password that suits their preferences. One possible option for such feedback is to inform users how long it will take to brute-force their password. Another approach is to provide users with an option to create a stronger password when they set up Touch ID, i.e., suggest that they set an 8-digit PIN or an alphanumeric password instead of a 4-digit PIN. Also, Apple customer service representatives may educate their customers by informing them about the possible risks of using weak authentication secrets. Finally, one can apply gamification methods, e.g., the user can get something (an app, music, a game, iCloud storage) for free as a reward for creating a better passcode.

Overall this work makes the following contributions:

• We show that the assumption that such authentication methods as Touch ID would nudge users to use higher-entropy passwords is questionable.
Even the opposite: we did not find any difference in password strength between the two groups, and the 95% confidence interval for the mean entropy difference shows that even if there were a statistically significant difference it would not be greater than 1.91 bits. For the iOS platform this corresponds to two extra hours of work for an adversary during a brute-force attack [4].

• We investigate why Touch ID has not resulted in stronger authentication secrets. In particular, we showed that more than 30% of users did not know that they can use alphanumeric passwords. Others decided to use PIN-codes due to obvious usability benefits over alphanumeric passwords, e.g., they are easier to remember or faster to type.

• Finally, we found that almost all users did not know the actual level of security a 4-digit PIN-code provides. In particular, we showed that only 12% of subjects correctly guessed the level of security a PIN-code can provide, while others significantly overestimated it. For instance, more than 45% stated that it was desirable for them that a 4-digit PIN code protects data for more than 40 years, which is far from reality.

Bibliography

[1] D. Abalenkovs, P. Bondarenko, V. K. Pathapati, A. Nordbø, D. Piatkivskyi, J. E. Rekdal, and P. B. Ruthven. Mobile forensics: Comparison of extraction and analyzing methods of iOS and Android. Master Thesis, Gjøvik University College, 2012.
[2] A. A. Al-Daraiseh, D. Al Omari, H. Al Hamid, N. Hamad, and R. Althemali. Effectiveness of iPhone’s Touch ID: KSA case study. (IJACSA) International Journal of Advanced Computer Science and Applications, 6(1):154–161, 2015.
[3] Amitay. Most common iPhone passcodes. http://danielamitay.com/blog/2011/6/13/most-common-iphone-passcodes, June 2011. Last accessed March 8, 2015.
[4] Apple Inc. iOS Security, 8.1 and up. http://www.apple.com/business/docs/iOS_Security_Guide.pdf, 2014. Accessed April 26, 2015.
[5] A. D. Baddeley. Human memory: Theory and practice. Psychology Press, 1997.
[6] P. Bao, J. Pierce, S. Whittaker, and S. Zhai. Smart phone use by non-mobile business users. In Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services, pages 445–454. ACM, 2011.
[7] C. Bhagavatula, B. Ur, K. Iacovino, S. M. Kywe, L. F. Cranor, and M. Savvides. Biometric authentication on iPhone and Android: Usability, perceptions, and influences on adoption. USEC ’15, February 2015.
[8] J. Bonneau. The science of guessing: Analyzing an anonymized corpus of 70 million passwords. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 538–552. IEEE, 2012.
[9] J. Bonneau, C. Herley, P. C. Van Oorschot, and F. Stajano. The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Security and Privacy (SP), 2012 IEEE Symposium on, pages 553–567. IEEE, 2012.
[10] F. Breitinger and C. Nickel. User survey on phone security and usage. In BIOSIG, pages 139–144, 2010.
[11] H. Crawford and K. Renaud. Understanding user perceptions of transparent authentication on a mobile device. Journal of Trust Management, 1(1):7, 2014.
[12] A. De Luca, A. Hang, E. von Zezschwitz, and H. Hussmann. I feel like I’m taking selfies all day! Towards understanding biometric authentication on smartphones. In CHI ’15, Seoul, Korea, 2015.
[13] S. Egelman, S. Jain, R. Portnoff, K. Liao, S. Consolvo, and D. Wagner. Are you ready to lock? Understanding user motivations for smartphone locking behaviors. In Proceedings of the 2014 ACM SIGSAC Conference on Computer & Communications Security, CCS, volume 14, 2014.
[14] Ericsson. Ericsson mobility report. http://www.ericsson.com/res/docs/2014/ericsson-mobility-report-june-2014.pdf, June 2014. Last accessed June 25, 2013.
[15] R. D. Findling and R. Mayrhofer. Towards face unlock: On the difficulty of reliably detecting faces on mobile phones. In Proceedings of the 10th International Conference on Advances in Mobile Computing & Multimedia, pages 275–280. ACM, 2012.
[16] D. Florencio and C. Herley. A large-scale study of web password habits. In Proceedings of the 16th International Conference on World Wide Web, pages 657–666. ACM, 2007.
[17] D. Florencio and C. Herley. A large-scale study of web password habits. In WWW ’07: Proceedings of the 16th International Conference on World Wide Web, pages 657–666, New York, NY, USA, 2007. ACM. ISBN 978-1-59593-654-7. doi:10.1145/1242572.1242661.
[18] D. Florêncio and C. Herley. Where do security policies come from? In Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS ’10, pages 10:1–10:14, New York, NY, USA, 2010. ACM. ISBN 978-1-4503-0264-7. doi:10.1145/1837110.1837124.
[19] M. Gao, X. Hu, B. Cao, and D. Li. Fingerprint sensors in mobile devices. In Industrial Electronics and Applications (ICIEA), 2014 IEEE 9th Conference on, pages 1437–1440. IEEE, 2014.
[20] Google. Ice Cream Sandwich. https://developer.android.com/about/versions/android-4.0-highlights.html, March 2011. Last accessed March 8, 2015.
[21] M. Harbach, E. von Zezschwitz, A. Fichtner, A. De Luca, and M. Smith. It’s a hard lock life: A field study of smartphone (un)locking behavior and risk perception. In Symposium On Usable Privacy and Security (SOUPS 2014), pages 213–230, Menlo Park, CA, July 2014. USENIX Association. ISBN 978-1-931971-13-3. URL https://www.usenix.org/conference/soups2014/proceedings/presentation/harbach.
[22] C. Herley and P. Van Oorschot. A research agenda acknowledging the persistence of passwords. Security & Privacy, IEEE, 10(1):28–36, 2012.
[23] Amazon Mechanical Turk. https://www.mturk.com/, 2005.
[24] M. Jakobsson and R. Akavipat. Rethinking passwords to adapt to constrained keyboards. Proc. IEEE MoST, 2012.
[25] M. Jakobsson, E. Shi, P. Golle, and R. Chow. Implicit authentication for mobile devices. In Proceedings of the 4th USENIX Conference on Hot Topics in Security, HotSec ’09, Berkeley, CA, USA, 2009. USENIX Association. URL http://dl.acm.org/citation.cfm?id=1855628.1855637.
[26] S. Karthikeyan, S. Feng, A. Rao, and N. Sadeh. Smartphone fingerprint authentication versus PINs: A usability study. CMU-CyLab Technical Report CMU-CyLab-14-012, July 31, 2014.
[27] S. Komanduri, R. Shay, P. G. Kelley, M. L. Mazurek, L. Bauer, N. Christin, L. F. Cranor, and S. Egelman. Of passwords and people: Measuring the effect of password-composition policies. In Proceedings of the 2011 Annual Conference on Human Factors in Computing Systems, CHI ’11, pages 2595–2604, New York, NY, USA, 2011. ACM. ISBN 978-1-4503-0228-9. doi:10.1145/1978942.1979321.
[28] S. Lee and S. Zhai. The performance of touch screen soft buttons. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pages 309–318. ACM, 2009.
[29] Lookout Inc. Lost and found: The challenges of finding your lost or stolen phone. http://blog.mylookout.com/2011/07/lost-and-found-the-challenges-of-finding-your-lost-or-stolen-phone/, 2011. Last accessed August 18, 2011.
[30] V. Matyáš and Z. Říha. Biometric authentication: Security and usability. In Advanced Communications and Multimedia Security, pages 227–239. Springer, 2002.
[31] I. Muslukhov, Y. Boshmaf, C. Kuo, J. Lester, and K. Beznosov. Understanding users’ requirements for data protection in smartphones. In Workshop on Secure Data Management on Smartphones and Mobiles, 2012.
[32] I. Muslukhov, Y. Boshmaf, C. Kuo, J. Lester, and K. Beznosov. Know your enemy: The risk of unauthorized access in smartphones by insiders. In Proceedings of the 15th International Conference on Human-Computer Interaction with Mobile Devices and Services, MobileHCI ’13, pages 271–280, New York, NY, USA, 2013. ACM. ISBN 978-1-4503-2273-7. doi:10.1145/2493190.2493223.
[33] Android Developers Portal. Encryption. https://source.android.com/devices/tech/security/encryption/index.html, May 2015.
[34] M. A. Sasse. Red-eye blink, bendy shuffle, and the yuck factor: A user experience of biometric airport systems. Security & Privacy, IEEE, 5(3):78–81, 2007.
[35] F. Schaub, R. Deyhle, and M. Weber. Password entry usability and shoulder surfing susceptibility on different smartphone platforms. In Proceedings of the 11th International Conference on Mobile and Ubiquitous Multimedia, page 13. ACM, 2012.
[36] R. Shay, S. Komanduri, P. G. Kelley, P. G. Leon, M. L. Mazurek, L. Bauer, N. Christin, and L. F. Cranor. Encountering stronger password requirements: User attitudes and behaviors. In Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS ’10, pages 2:1–2:20, New York, NY, USA, 2010. ACM. ISBN 978-1-4503-0264-7. doi:10.1145/1837110.1837113.
[37] A. Skillen and M. Mannan. On implementing deniable storage encryption for mobile devices. In Proceedings of the 20th Annual Network and Distributed System Security Symposium, NDSS ’13, San Diego, CA, USA, 2013.
[38] M. F. Theofanos, R. J. Micheals, and B. C. Stanton. Biometrics systems include users. Systems Journal, IEEE, 3(4):461–468, 2009.
[39] S. J. Tipton, D. J. White II, C. Sershon, and Y. B. Choi. iOS security and privacy: Authentication methods, permissions, and potential pitfalls with Touch ID. International Journal of Computer and Information Technology, 03(03), May 2014. ISSN 2279-0764.
[40] T. Trimpe. Fingerprint basics. http://sciencespot.net/Media/FrnsScience/fingerprintbasicscard.pdf, June 2009. Last accessed March 5, 2015.
[41] C. S. Weir, G. Douglas, M. Carruthers, and M. Jack. User perceptions of security, convenience and usability for ebanking authentication tokens. Computers & Security, 28(1):47–62, 2009.
[42] H. Wimberly and L. M. Liebrock. Using fingerprint authentication to reduce system security: An empirical study. In Security and Privacy (SP), 2011 IEEE Symposium on, pages 32–46. IEEE, 2011.
[43] J. Zdziarski. Identifying back doors, attack points, and surveillance mechanisms in iOS devices. Digital Investigation, 11(1):3–19, 2014.

Appendix A
In-person Survey Guide and Questions

A.1 Agenda

1. Introduce yourself, your affiliation and give an overview of the study: “The purpose of this study is to investigate how users interact with iPhones. We aim to investigate users’ motivation for choosing passwords and using fingerprint unlock. You will be asked to answer the questionnaire on an iPad. It will take approximately 15 minutes. Please feel free to provide any comments and feedback on the study”.
2. Verify that the participant has an iPhone.
3. After the participant has read and agreed to the consent form, ask her to read and sign a payment receipt and hand her an honorarium payment of $10.
4. After the participant completes the survey, conduct a short exit interview asking PIN users “Why do you use a 4-digit PIN, not an alphanumeric password?” and password users “Why do you use an alphanumeric password, not a PIN?”.
5. Verify the length of the password and the auto-lock time.
6. Debrief.

A.2 Questions for Both Conditions

1. What is your age? (see footnote 1)
Footnote 1: Questions that do not have suggested possible answers are open-ended questions.

2. What is your gender?
   (a) Female (b) Male (c) Prefer not to answer
3. What is your highest level of completed education?
   (a) High school (b) College degree (c) Bachelor (d) Master or PhD (e) Other, please specify
4. What industry have you worked in for the past 6 months?
   (a) Agriculture
   (b) Forestry, fishing, mining, quarrying, oil and gas
   (c) Utilities
   (d) Construction
   (e) Manufacturing
   (f) Trade
   (g) Transportation and warehousing
   (h) Finance, insurance, real estate and leasing
   (i) Professional, scientific and technical services
   (j) Business, building and other support services
   (k) Educational services
   (l) Healthcare and social assistance
   (m) Information, culture and recreation
   (n) Accommodation and food services
   (o) Public administration
   (p) Other
5. What is the annual income of your household?
   (a) Less than $20,000
   (b) Above $20,000, below $50,000
   (c) Above $50,000, below $80,000
   (d) Above $80,000, below $120,000
   (e) Above $120,000
   (f) Prefer not to answer
6. Have you ever lost your smartphone?
   (a) Yes (b) No
7. Have you been a victim of smartphone theft?
   (a) Yes (b) No
8. In your opinion, what unlocking method is more secure?
   (a) Multi-character password
   (b) 4-digit PIN
   (c) Fingerprint unlock (Touch ID)
   (d) Eye recognition
   (e) Face recognition
   (f) None of them
   (g) I have no idea
9. You are willing to use face recognition authentication
   (a) Strongly disagree (b) Disagree (c) Agree (d) Strongly agree (e) I don’t know
10. Please explain your answer to the previous question.
11. What is the model of your iPhone?
   (a) 5s, 6 or 6 Plus (b) 5c or earlier model (c) I am not sure (d) Other, please specify
12. Do you use the same password for your iPhone as you used in your previous smartphone?
   (a) Yes (b) No (c) N/A (d) Prefer not to answer
13. How often do you change your PIN or password?
   (a) Weekly (b) Monthly (c) Every six months (d) Once a year (e) Never (f) I don’t know
14. Enter a structure of your iPhone password. That is, substitute each digit (single digit number) with D, lowercase with L, uppercase with U, special character with S. For example, the structure for password A1b%B is UDLSU.
15. For how long have you been using an iPhone during the last 5 years?
   (a) Less than a year (b) 1 to 2 years (c) 2 to 3 years (d) Over 3 years
16. Does your iPhone store any sensitive or confidential information?
   (a) Yes (b) No (c) I have no idea
17. What is the worst thing that could happen to your iPhone?
   (a) My iPhone gets broken or stolen, but I recover my data, so nobody will get access to my data
   (b) Someone gets access to the data on my iPhone
   (c) Someone misuses my apps and account
   (d) Other, please specify
18. On average, how frequently do you unlock your iPhone?
   (a) Once a day (b) A few times a day (c) Once per hour (d) A few times per hour (e) I have no idea
19. What is your iPhone auto lock time (how long the screen stays on if the device is not being used)?
   (a) Never (b) 1 min (c) 2 min (d) 3 min (e) 4 min (f) 5 min (g) I don’t know
20. A simple password is a 4-digit number. Do you know how to turn simple password off in the settings?
   (a) Yes (b) No
21. Have you ever shared your iPhone password with anybody else?
   (a) Yes (b) No (c) Maybe
22. Do you know anybody else’s smartphone security lock?
   (a) Yes (b) No (c) Maybe
23. What motivates you to lock your iPhone? Select all that apply.
   (a) My friends lock their phones
   (b) Locking prevents strangers from using my iPhone
   (c) It’s easy to lock
   (d) Locking controls when my family or friends can use my iPhone
   (e) Other, please specify
24. (alternative) Why do you choose not to lock your iPhone? Select all that apply.
   (a) Information on my iPhone is useless
   (b) In case of loss, I can easily be contacted
   (c) It is too much effort
   (d) In case of emergency, others can use my iPhone
   (e) None of the above
   (f) Other, please specify
25. What kind of smartphone did you own before iPhone?
   (a) Android (b) Windows Phone (c) iPhone (d) BlackBerry (e) None of them (f) Other, please specify
26. What security lock have you used for your old smartphone?
   (a) Multi-character password
   (b) 4-digit PIN
   (c) Fingerprint unlock (Touch ID)
   (d) Pattern Lock
   (e) Face recognition
   (f) I didn’t use a lock
   (g) I didn’t have a smartphone
   (h) Other, please specify
27. Enter a structure of your previous smartphone password. That is, substitute each digit (single digit number) with D, lowercase with L, uppercase with U, special character with S. For example, the structure for password A1b%B is UDLSU.

A.3 Questions for Touch ID Group

1. How hard was it to set up Touch ID?
   (a) Very difficult (b) Difficult (c) Decent (d) Easy (e) Very easy
2. Is it easy to use Touch ID?
   (a) Very difficult (b) Difficult (c) Decent (d) Easy (e) Very easy
3. Why do you use Touch ID?
   (a) Convenience (b) Novelty (c) Security (d) Time (e) Ease of use (f) Reliability (g) Privacy (h) Cool to use (i) Fun to use (j) Other, please specify
4. Have you ever had issues with using Touch ID?
   (a) Yes (b) No (c) I don’t know
5. In your own experience, what situations are best suited for using Touch ID? Select all that apply. Answers are in random order for each survey.
   (a) Driving (b) Walking (c) Sitting (d) When using only one hand (e) When it’s dark (f) When the owner is intoxicated (g) Other, please specify
6. What situations are NOT suitable for using Touch ID? Select all that apply. Answers are in random order for each survey.
   (a) Driving (b) Walking (c) Sitting (d) When using only one hand (e) When it’s dark (f) When the owner is intoxicated (g) Other, please specify
7. Does use of Touch ID affect your privacy?
   (a) Yes (b) No (c) I don’t know
8. What is your major security or privacy concern about Touch ID?
9. What kind of limitations do you experience because of using Touch ID?
10. In what kind of situations should Touch ID be temporarily disabled, according to your own experience?
11. You feel that it is easy to circumvent Touch ID
   (a) Very difficult (b) Difficult (c) Decent (d) Easy (e) Very easy
12. Would you recommend using Touch ID to your friend?
   (a) Yes (b) Maybe (c) No
13. Please explain your answer to the previous question.
14. Overall, how satisfied are you with using Touch ID?
   (a) I hate it (b) I dislike it (c) I’m OK with it (d) I like it (e) I love it!

A.4 Questions for Non-Touch ID

1. Have you ever used a biometric authentication system?
   (a) Yes
   (b) No
   (c) I don’t know what biometric authentication is
   (d) I’m not sure I used biometric authentication
2. In general, what are your major security or privacy concerns about biometric authentication?
3. You are willing to use face recognition authentication
   (a) Strongly disagree (b) Disagree (c) Agree (d) Strongly agree (e) I don’t know
4. Please explain your answer to the previous question.
5. You are willing to use fingerprint authentication
   (a) Strongly disagree (b) Disagree (c) Agree (d) Strongly agree (e) I don’t know
6. Please explain your answer to the previous question.
7. Would you start using a longer alphanumeric password alongside using a fingerprint scanner?
   (a) Yes (b) Maybe (c) No (d) I don’t know

A.5 Final Instructions for Both Groups

Please follow the instructions in the order given below:
1. Lock your iPhone.
2. Turn your iPhone on.
3. Swipe to unlock.
4. Enter your password (DO NOT PRESS ‘DONE’).
5. Show your masked password to the researcher (we just want to count the number of characters).
6. Navigate to ‘Settings’, ‘General’ and show the auto-lock interval to the researcher.
Thank you for your participation!

A.6 In-person Survey Supplemental Graph

Figure A.1: Study 1 (in-person surveys) Touch ID participants’ answers for the questions “How hard was it to set up Touch ID?”, “Is it easy to use Touch ID?” and “Overall, how satisfied are you with using Touch ID?” (n = 41).

Appendix B
Interview Guide and Questions

B.1 Agenda

1. Introduce yourself, your affiliation and give an overview of the study: “The purpose of the study is to investigate how users interact with iPhones. We aim to investigate users’ motivation for choosing passwords and using the fingerprint scanner. It will take approximately 15 minutes. Please feel free to provide any comments and feedback on the study”.
2. Verify that the participant has an iPhone 5S, 6 or 6 Plus with her.
3. Ask her to unlock her iPhone without using Touch ID.
4. Ask the participant to read and sign the consent form.
5. Turn on audio recording.
6. When the interview is over, turn off audio recording.
7. Ask the participant to fill out a demographics form.
8. Ask the participant to sign a receipt form.

B.2 Questions

1. Let’s talk about your use of Touch ID:
   (a) Why do you use Touch ID?
   (b) How do you think Touch ID works?
   (c) Do you know if you can use Touch ID without a password/PIN?
   (d) How do you think Touch ID impacts the security of your device in case it gets stolen? [Ask to elaborate. Clarify that after Touch ID recognizes the fingerprint, it restores the PIN or password and unlocks the device using the PIN or password]
2. Password vs. PIN code section:
   (a) Can I ask you if the password/PIN code that unlocks your iPhone is being used anywhere else? [Other devices, web sites, credit cards, other online services]
   (b) Do you share your password/PIN with anyone else, like family members, friends or colleagues? [YES] Why do you do that?
   (c) Do you know how to switch the iPhone lock from PIN to password? [Please, show me how to do that]
   (d) Did you change your password/PIN after you started using a Touch ID enabled iPhone? Why [for both cases]?
   (e) Why do you use a PIN, not a password? (OR Why do you use a password, not a PIN?)
3. Let’s talk about how you use your iPhone:
   (a) What is the most valuable thing in your phone for you? How about your data? [Ask to elaborate on data types]
   (b) Is there any data that you consider to be confidential, private or sensitive? [Ask to provide some examples]
   (c) Who do you care about protecting your private data against? [Strangers, Co-workers, Friends, Family]
4. Let’s consider the following scenario: “Someone stole your iPhone. He is trying to get into it to get access to your data by guessing your PIN or password. Also, he is very careful, and removed the SIM card so that your iPhone is not connected to the Internet.” For how long would you like your iPhone to be able to protect your [sensitive, confidential, private] data in the hands of such a criminal?

Appendix C
Online Survey Questions

C.1 Questions for Both Groups

1. What is the model of your iPhone?
   (a) 3G, 3GS, 4, 4S, 5 or 5c (b) 5s, 6 or 6 Plus (c) I don’t know (d) Other, please specify
2. What is the model number of your iPhone? You can find the model number in the About screen on your iPhone. Choose Settings, General, About.
3. How often do you change your PIN/password?
   (a) Hourly
   (b) Daily
   (c) Weekly
   (d) Monthly
   (e) Every six months
   (f) Once a year
   (g) Never
   (h) I don’t use either PIN or password
   (i) I don’t know
4. When did you change your iPhone PIN/password last time?
   (a) 1-2 hours ago
   (b) 1-2 days ago
   (c) 1-2 weeks ago
   (d) 3-4 weeks ago
   (e) 1-2 months ago
   (f) 3-6 months ago
   (g) 6-12 months ago
   (h) More than 12 months ago
   (i) Never
5. When did you change your last-but-one iPhone PIN/password?
   (a) 1-2 hours ago
   (b) 1-2 days ago
   (c) 1-2 weeks ago
   (d) 3-4 weeks ago
   (e) 1-2 months ago
   (f) 3-6 months ago
   (g) 6-12 months ago
   (h) More than 12 months ago
   (i) Never
6. For how long in total have you been using an iPhone?
   (a) Less than a year (b) 1 to 2 years (c) 2 to 3 years (d) Over 3 years
7. What is the worst thing that could happen to your iPhone?
   (a) My iPhone gets broken, but I recover my data
   (b) My iPhone gets broken, but I do not recover my data
   (c) Someone steals my iPhone and gets access to my iPhone data, my apps or my accounts
   (d) Other, please specify
8. On average, how frequently do you unlock your iPhone?
   (a) Once a day (b) A few times a day (c) Once per hour (d) A few times per hour (e) I have no idea
9. What is your iPhone auto lock time (i.e. how long does the screen stay on if the device is not being used)? You can find the iPhone auto lock time in Settings, General, Auto-Lock.
   (a) Never (b) 1 min (c) 2 min (d) 3 min (e) 4 min (f) 5 min (g) I don’t know
10.
Do you use 4-digit PIN or alphanumeric password for unlocking your iPhone?63(a) PIN(b) Password. Please enter the structure of your iPhone password. That is, substitute eachsingle digit number with D, lowercase with L, uppercase with U, special character with S.For example the structure for password A1b%B is UDLSU(c) Neither11. What motivates you to lock your iPhone? Select all that apply.(a) My friends lock their phones.(b) Locking makes my iPhone inaccessible in case I lose it.(c) Its easy to lock(d) Locking gives me control over when my family or friends want to use my iPhone(e) Other, please specify12. (Optional) Why do you choose not to lock your iPhone? Select all that apply.(a) Information on my iPhone is not sensitive and I do not care if others look into it(b) In case of loss, I can easily be contacted(c) It is too much effort to lock(d) In case of emergency, others can use my iPhone to call my family and friends(e) I never lose sight of my iPhone, it’s always with me(f) Other, please specify13. Do you use the same PIN/password for your iPhone as you used in your previous smartphone?(a) Yes(b) I did not use PIN/password in my previous smartphone.(c) This is my first phone.(d) No14. Do you use your iPhone PIN/password anywhere else (for web sites, credit cards, other onlineservices)?64(a) Yes(b) No15. Do you share your iPhone PIN/password with anyone else, e.g. family members, friends of col-leagues?(a) Yes. Who do you share you iPhone PIN/password with? Family, Friends, Co-workers,Partners, No one, Other(b) No(c) Other, please specify16. Do you know anybody else smartphone security lock?(a) Yes(b) No17. Does your iPhone store any sensitive or confidential information?(a) Yes(b) No(c) I don’t know18. Who do you care protecting your private data against?(a) Strangers(b) Co-workers(c) Friends(d) Family(e) Classmates(f) Roommates(g) Other, please specify19. 
What kind of smartphone did you owe or use right before your current iPhone?65(a) Feature phone(b) Android(c) Windows Phone(d) iPhone(e) BlackBerry(f) None(g) Other, please specify20. What security lock have you used for your old smartphone? Select all that apply.(a) Alphanumeric password. Enter the structure of your previous smartphone password. Thatis, substitute each single digit number with D, lowercase with L, uppercase with U, specialcharacter with S. For example the structure for password A1b%B is UDLSU.(b) Long PIN (PIN with 5 or more digits)(c) 4-digit PIN(d) Fingerprints (Touch ID)(e) Pattern(f) Face recognition(g) I didn’t use a lock(h) I didn’t have a smartphone(i) Other, please specify21. In your opinion, what unlocking method provides the best security for your iPhone?(a) Alphanumeric password(b) 4-digit PIN(c) Fingerprint scanner (Touch ID) + 4-digit PIN(d) Fingerprint scanner (Touch ID) + alphanumeric password(e) Other, please specify6622. Do you know that you can use alphanumeric password for unlocking your iPhone?(a) Yes. Please, provide exact steps how you can turn on alphanumeric password(b) No23. Please, rate your agreement with the following statements. PIN is good enough for unlocking theiPhone(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree24. My iPhone is more secure if I use Touch ID than PIN/password alone.(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree25. 
Why do you use 4-digit PIN, not alphanumeric password?(a) Touch ID is enough to protect my iPhone, so I do not see a reason why I should use apassword(b) I didn’t know that there is an alphanumeric password option(c) PIN is easier to remember(d) PIN is faster to type(e) PIN is easier to share(f) I continue with PIN, because I used PIN in my previous smartphone(s)(g) PIN provides enough security for my iPhone67(h) I use the same PIN for multiple devices or accounts(i) I do not care about security of my iPhone(j) I do not have any sensitive data on my iPhone that I need to protect(k) Other, please specifyalternative Why do you use alphanumeric password, not 4-digit PIN?(a) Password is more secure than PIN.(b) My company requires me to use password.(c) I continue with password, because I used password in my previous smartphone.(d) Other, please specify26. What do you think the most common way for an attacker to break into your iPhone?(a) Guessing (aka brute forcing) PIN/password to unlock your iPhone(b) Using social engineering to learn your PIN/password(c) Shoulder surfing(d) Other, please specify:27. Lets consider the following scenario: “Someone has stolen your iPhone. He is trying to get intoyour iPhone to get access to your data. She is doing so by guessing your PIN/password. Also, sheis very careful, and removed SIM card so that your iPhone is not connected to the Internet. Thus,you can not remotely wipe or ‘kill’ your iPhone.” For how long would you like your iPhone to beable to protect your data in hands of such criminal?(a) SLIDEBAR [0-1h-3h-6-12-1d-2-3-1w-2w-1m-2m-6m-1y-2y-forever]28. What is your gender?(a) Female(b) Male(c) Prefer not to answer29. What is your age?6830. What is your highest level of completed education?(a) High school(b) College degree(c) Bachelor(d) Master or PhD(e) Other, please specify31. 
What industry have you worked for the past 6 months?(a) Agriculture(b) Forestry, fishing, mining, quarrying, oil and gas(c) Utilities(d) Construction(e) Manufacturing(f) Trade(g) Transportation and warehousing(h) Finance, insurance, real estate and leasing(i) Professional, scientific and technical services(j) Business, building and other support services(k) Educational services(l) Healthcare and social assistance(m) Information, culture and recreation(n) Accommodation and food services(o) Public administration(p) Other services, please specify32. What is your job title?33. What is the annual income of your household?69(a) Less than $20,000(b) Above $20,000, below $50,000(c) Above $50,000, below $80,000(d) Above $80,000, below $120,000(e) Above $120,000(f) Prefer not to answer34. Have you ever lost your smartphone?(a) Yes(b) No35. Have you ever been a victim of smartphone theft?(a) Yes(b) No36. Have you ever experienced a situation when somebody has unauthorizedly used your iPhone fordata access or making a call?(a) Yes(b) No37. You have almost completed the survey. We have to make sure that our data are valid and notbiased. Specifically, we are interested in whether you read instructions closely. Please select theoption ’no answer’ for this question. How long did you feel this survey was?(a) Very long(b) Long(c) Neither short nor long(d) Very short(e) No answer70C.2 Questions for Non-Touch ID group1. Biometrics authentication is used in computer science as a form of identification and access con-trol. Examples include fingerprint and face recognition Have you ever used a biometric authenti-cation system?(a) Yes(b) No(c) I’m not sure I used biometric authentication2. In general, what are your major security or privacy concerns about biometric authentication?3. Please, rate your agreement with the following statements. I am willing to use face recognitionauthentication(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree4. 
I am willing to use fingerprint authentication like Touch ID(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree5. I am willing to use a longer alphanumeric password alongside the fingerprint scanner such asTouch ID(a) Strongly disagree(b) Disagree71(c) Neutral(d) Agree(e) Strongly agreeC.3 Questions for Touch ID Group1. Why do you use Touch ID? Select all that apply.(a) Convenience(b) Novelty(c) Security(d) Time/speed(e) Ease of use(f) Reliability(g) Privacy(h) Efficiency(i) Cool to use(j) Fun to use(k) Other, please specify2. Please, rate your agreement with the following statements. PIN is good enough for unlocking theiPhone(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree3. My iPhone is more secure if I use Touch ID than PIN/password alone.72(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree4. It was difficult for me to set up Touch ID(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree(f) I did not set it up5. It is easy for me to use Touch ID(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree6. Overall, I am satisfied with using Touch ID(a) Strongly disagree(b) Disagree(c) Neutral(d) Agree(e) Strongly agree73C.4 Online Survey Supplemental GraphFigure C.1: Distribution of attackers (insiders and strangers) who users lock their iPhones against. ForTouch ID group (n = 173), and for non-Touch ID group (n = 201).74
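The D/L/U/S structure encoding that the surveys ask for (A.2 Q27, C.1 Q10 and Q20) records only the composition of a secret, not the secret itself; the Python below is an added example, not code from the thesis, that computes that mask, the size of the guessing space it implies, and, for an assumed cost per guess (a parameter, not a figure from the thesis), the average time the offline guessing attacker of the stolen-phone scenario in C.1 Q27 would need.

```python
import string

# Character classes of the survey's password-structure encoding and the
# number of ASCII characters each class can take (S = printable punctuation).
CLASS_SIZES = {"D": 10, "L": 26, "U": 26, "S": len(string.punctuation)}


def structure(password):
    """Return the D/L/U/S structure of a password, e.g. 'A1b%B' -> 'UDLSU'."""
    mask = []
    for ch in password:
        if ch in string.digits:
            mask.append("D")
        elif ch in string.ascii_lowercase:
            mask.append("L")
        elif ch in string.ascii_uppercase:
            mask.append("U")
        elif ch in string.punctuation:
            mask.append("S")
        else:
            raise ValueError("character %r has no class in the D/L/U/S encoding" % ch)
    return "".join(mask)


def keyspace(mask):
    """Number of distinct secrets that share a structure mask, e.g. 'DDDD' -> 10000."""
    size = 1
    for cls in mask:
        size *= CLASS_SIZES[cls]
    return size


def expected_guess_time(mask, seconds_per_guess):
    """Average seconds an offline guesser needs to hit a secret with this mask.

    Trying every candidate of the mask finds the secret after half the
    keyspace on average. seconds_per_guess is an assumed per-attempt cost.
    """
    return keyspace(mask) * seconds_per_guess / 2


def summarize(masks):
    """Tally collected masks into digits-only (PIN-like) vs mixed structures."""
    digits_only = sum(1 for m in masks if set(m) == {"D"})
    return {"digits_only": digits_only, "mixed": len(masks) - digits_only}


if __name__ == "__main__":
    # Constructed sample answers for illustration, not data from the studies.
    sample = ["DDDD", "DDDDDD", structure("A1b%B"), "LLLLLLDD"]
    print(summarize(sample))
    for m in sample:  # 0.08 s/guess is an assumed cost, chosen for illustration
        print(m, keyspace(m), "%.0f s on average" % expected_guess_time(m, 0.08))
```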