Knowledge-based user authentication on mobile devices is gradually being replaced by biometric methods, as trustworthy sensors become available and affordable. However, Personal Identification Numbers and graphical password schemes like the Android Pattern Unlock are fundamental assets for maintaining security and usability. They are the primary means of authentication before biometric authentication (e.g., Face ID) is set up, and they constitute an auxiliary/backup method to be used in case the biometric sensor on the device fails. Passcodes need to be memorable in order to be usable; therefore, users tend to choose easy-to-guess passwords, compromising security. The Android Pattern Unlock is a great example of a popular and usable graphical password scheme which can be easily compromised because of common human behavioral traits that are evident and predominant when users are called to form their passcodes. The popularity of this password scheme has led researchers to propose adjustments and variations that enhance security but maintain the familiar user interface. Nevertheless, prior work demonstrated that improving security while preserving usability frequently remains a hard task. In our paper (to be presented at HCI International 2022 at the end of June 2022) we propose a novel graphical password scheme built on the foundations of the well-accepted Android Pattern Unlock method, which is usable, inclusive, and robust against shoulder surfing and smudge attacks. Our scheme features a dynamic user interface that mutates every time a user swipes the screen. Our pilot studies illustrate that “Bu-Dash” attracts positive user acceptance rates and maintains high usability levels.

A preprint is available.

Cite as: “Andriotis, P., Kirby, M., Takasu, A. (2022). Bu-Dash: A Universal and Dynamic Graphical Password Scheme. In: Moallem, A. (eds) HCI for Cybersecurity, Privacy and Trust. HCII 2022. Lecture Notes in Computer Science, vol 13333. Springer, Cham.”

It's not the "Squid Games". It's the "Bu-Dash" scheme.